Close Open Privacy Scan

bolt Snapshot: commit 7255ce9
science engine v1.4
schedule 2026-07-14T00:54:16.962211+00:00

verified_user Application data leak confirmed

High-confidence data exfiltration identified in application code.

smart_toy MCP server detected: @ai-sdk/anthropic, @ai-sdk/openai, @modelcontextprotocol/sdk, ai — detected in dependencies, not a safety judgment.
Incomplete scan — only 97/198 dependencies were analyzed. Treat the score as provisional.

App Privacy Score

0 /100
High privacy risk — application leak confirmed

High risk · 978 finding(s)

Dependency score: 22 (High risk)

bar_chart Score Breakdown

pii_flow −60
telemetry −25
egress −15
env_fs −3

list Scan Summary

43 high 29 medium 906 low
First-party packages: 22
Dependency packages: 41
Ecosystem: npm

swap_horiz Confirmed data exfiltration in application code

External domains: 169.254.170.2aaccounts.google.comaccounts.spotify.comaccounts.x.aiai-gateway.vercel.shai-sdk.devaiplatformaiplatform.googleapis.comanoma.lyapi.anthropic.comapi.bitbucket.orgapi.cerebras.aiapi.cloudflare.comapi.cohere.comapi.deepinfra.comapi.deepseek.comapi.descope.comapi.digitalocean.comapi.emailoctopus.comapi.fireworks.aiapi.github.comapi.githubcopilot.comapi.groq.comapi.honeycomb.ioapi.kilo.aiapi.llmgateway.ioapi.login.yahoo.comapi.meuprovedor.comapi.minudbyder.dkapi.miproveedor.comapi.mistral.aiapi.mojdostawca.comapi.mojprovajder.comapi.monfournisseur.comapi.myprovider.comapi.openai.comapi.opencode.aiapi.perplexity.aiapi.releases.hashicorp.comapi.saglayicim.comapi.together.xyzapi.v0.devapi.venice.aiapi.x.aiapi.x.comapp.opencode.aiappleid.apple.comapplink.feishu.cnattacker.exampleauth.openai.comauth.x.aiavatars.githubusercontent.combedrockbedrock-agent-runtimebedrock-agent-runtime.us-west-2.amazonaws.combedrock-mantlebedrock-mantle.us-east-1.api.awsbedrock-runtimebedrock-runtime.us-east-1.amazonaws.combit.lybitcoin.orgcdn.jsdelivr.netcdn.tailwindcss.comchatgpt.comcloud.digitalocean.comcloud.gitlab.comcommunity.chocolatey.orgcompany.ghe.comconsole.opencode.aicopilot-apidashboard.stripe.comdashscope-intl.aliyuncs.comdebian.exampledev.opencode.aidevelopers.cloudflare.comdiscord.comdiscord.ggdocs.cloud.google.comdocs.github.comdocs.solidjs.comdownload-cdn.jetbrains.comdynamodbemail.us-east-1.amazonaws.comemscripten.orgenterprise.opencode.aievil-example.comexample.jpfakefonts.googleapis.comformulae.brew.shgateway.ai.cloudflare.comgenerativelanguage.googleapis.comgithub.comgitlab.comgoogle.aip.devgraph.facebook.comgraph.microsoft.comhono.devhonojs.hono.example.jpid.execute-api.us-east-1.amazonaws.comid.twitch.tvimportant-clam-66.deno.devinference.baseten.coinference.do-ai.runintegrate.api.nvidia.comissuer.examplejson-schema.orglogin.microsoftonline.commanagement.stytch.commcp.exa.aimodelcontextprotocol.iomodels.devmy-bucket.s3.amazonaws.commy-service-a1b2c3.x1y2z3.vpc-lattice-svcs.us-east-1.on.awsoauth.id.jumpcloud.comoauth2.googleapis.comopenauth.js.orgopencode.aiopencode.internalopencode.localopenrouter.aiopncd.aiorm.drizzle.teamother.complacehold.coraw.githubusercontent.comregistry.npmjs.orgs3s3-fipss3-fips.dualstacks3-fips.dualstack.us-east-1s3-fips.us-east-1s3-object-lambdas3-object-lambda-fipss3.amazonaws.coms3.dualstacks3.dualstack.us-east-1s3express-controls3express-control-fipss3express-control-fips.dualstacks3express-control.dualstackschema.orgsearch.parallel.aislack.comsocial-cards.sst.devsolidjs.comsst.devstripe.comstytch.comsupabase.comtest.openrouter.aitoken.actions.githubusercontent.comtools.google.comtwitter.comunpkg.comus.i.posthog.comvercel.comvercel.linkvia.placeholder.comwindows.examplewww.allaboutcookies.orgwww.allaboutdnt.comwww.eclipse.orgwww.facebook.comwww.githubstatus.comwww.google.comwww.googleapis.comwww.rfc-editor.orgwww.sitemaps.orgwww.terminal.shopwww.typescriptlang.orgwww.w3.orgwww.youtube.comx.comyoutuzenmux.ai

high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.opencode/tool/github-pr-search.ts:7 repo/.opencode/tool/github-pr-search.ts:4
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.opencode/tool/github-triage.ts:26 repo/.opencode/tool/github-triage.ts:23
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:7 repo/script/github/close-issues.ts:45
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:7 repo/script/github/close-issues.ts:52
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:7 repo/script/github/close-issues.ts:67
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/stats.ts:4 repo/script/stats.ts:11
high first-party (npm): packages/ui User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:48 repo/packages/ui/vite.config.ts:49
high first-party (npm): packages/ui User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:48 repo/packages/ui/vite.config.ts:54
high first-party (npm): packages/cli User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/script/generate.ts:1 repo/packages/cli/script/generate.ts:5
high first-party (npm): packages/core User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/plugin/provider/openai.ts:125 repo/packages/core/src/plugin/provider/openai.ts:122
high first-party (npm): packages/core User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/session/compaction.ts:176 repo/packages/core/src/session/compaction.ts:197
high first-party (npm): packages/desktop User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:16 repo/packages/desktop/scripts/finalize-latest-json.ts:32
high first-party (npm): packages/desktop User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:16 repo/packages/desktop/scripts/finalize-latest-json.ts:116
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/script/generate.ts:10 repo/packages/opencode/script/generate.ts:13
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471 repo/packages/opencode/src/cli/cmd/github.handler.ts:791
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471 repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:496 repo/packages/opencode/src/plugin/openai/codex.ts:488
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:496 repo/packages/opencode/src/plugin/openai/codex.ts:506
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:149 repo/packages/opencode/src/plugin/xai.ts:149
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:168 repo/packages/opencode/src/plugin/xai.ts:168
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:251 repo/packages/opencode/src/plugin/xai.ts:251
high first-party (npm): packages/opencode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/session/llm/native-runtime.ts:92 repo/packages/opencode/src/session/llm/native-runtime.ts:90
high first-party (npm): packages/stats/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/stats/app/src/routes/api/newsletter.ts:20 repo/packages/stats/app/src/routes/api/newsletter.ts:17
high first-party (npm): packages/console/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/component/email-signup.tsx:13 repo/packages/console/app/src/component/email-signup.tsx:10
high first-party (npm): packages/console/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:63 repo/packages/console/app/src/lib/salesforce.ts:54
high first-party (npm): packages/console/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/routes/api/enterprise.ts:42 repo/packages/console/app/src/routes/api/enterprise.ts:39
high first-party (npm): packages/console/function User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:114 repo/packages/console/function/src/auth.ts:112
high first-party (npm): packages/console/function User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:121 repo/packages/console/function/src/auth.ts:119
high first-party (npm): packages/console/function User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/log-processor.ts:72 repo/packages/console/function/src/log-processor.ts:68
medium first-party (npm): packages/console/app Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:57 repo/packages/console/app/src/lib/salesforce.ts:54
hub Dependency data flows (14)
high ai dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110
high hono dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]__reposrc/runtime-tests/node/index.test.ts:236 pkgs/npm/[email protected]__reposrc/runtime-tests/node/index.test.ts:236
high ai-gateway-provider dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]__reposrc/demos/mcp-stytch-b2b-okr-manager/update-policy.js:145 pkgs/npm/[email protected]__reposrc/demos/mcp-stytch-b2b-okr-manager/update-policy.js:151
high ai-gateway-provider dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]__reposrc/demos/mcp-stytch-consumer-todo-list/api/TodoService.ts:27 pkgs/npm/[email protected]__reposrc/demos/mcp-stytch-consumer-todo-list/api/TodoService.ts:27
high ai-gateway-provider dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:26 pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:23
high ai-gateway-provider dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:56 pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:54
high ai-gateway-provider dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/create-fetcher.ts:244 pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/create-fetcher.ts:255
high ai-gateway-provider dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:34 pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:31
high ai-gateway-provider dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:74 pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:71
high ai-gateway-provider dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]__reposrc/packages/workers-ai-provider/src/utils.ts:243 pkgs/npm/[email protected]__reposrc/packages/workers-ai-provider/src/utils.ts:240
high @openauthjs/openauth dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]/src/provider/oauth2.ts:193 pkgs/npm/@[email protected]/src/provider/oauth2.ts:193
high @modelcontextprotocol/sdk tooling User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:215 pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:245
high @modelcontextprotocol/sdk tooling User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:621 pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:643
high @openrouter/ai-sdk-provider dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]__reposrc/e2e/video-generation.test.ts:18 pkgs/npm/@[email protected]__reposrc/e2e/video-generation.test.ts:16

</> First-Party Code

first-party (npm): packages/opencode

npm first-party
high pii_flow production #aead3390d0c72f39 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/script/generate.ts:13 · flow /tmp/closeopen-fgzlg05n/repo/packages/opencode/script/generate.ts:10 → /tmp/closeopen-fgzlg05n/repo/packages/opencode/script/generate.ts:13
  : await fetch(`${modelsUrl}/api.json`).then((x) => x.text())

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #b53943a51f29c09c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:791 · flow /tmp/closeopen-fgzlg05n/repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → /tmp/closeopen-fgzlg05n/repo/packages/opencode/src/cli/cmd/github.handler.ts:791
        const res = await fetch(url, {
          headers: {
            Authorization: `Bearer ${appToken}`,
            Accept: "application/vnd.github.v3+json",
          },
        })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #94205ade1eb8693c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:1583 · flow /tmp/closeopen-fgzlg05n/repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → /tmp/closeopen-fgzlg05n/repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
      await fetch("https://api.github.com/installation/token", {
        method: "DELETE",
        headers: {
          Authorization: `Bearer ${appToken}`,
          Accept: "application/vnd.github+json",
          "X-GitHub-Api-Version": "2022-11-28",
        },
      })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #9d0d36f34a91eebd User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:488 · flow /tmp/closeopen-fgzlg05n/repo/packages/opencode/src/plugin/openai/codex.ts:496 → /tmp/closeopen-fgzlg05n/repo/packages/opencode/src/plugin/openai/codex.ts:488
                  const response = await fetch(`${ISSUER}/api/accounts/deviceauth/token`, {
                    method: "POST",
                    headers: {
                      "Content-Type": "application/json",
                      "User-Agent": `opencode/${InstallationVersion}`,
                    },
                    body: JSON.stringify({
                      device_auth_id: deviceData.device_auth_id,
                      user_code: deviceData.user_code,
                    }),
                  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #831a91d87c553fe9 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/openai/codex.ts:506 · flow /tmp/closeopen-fgzlg05n/repo/packages/opencode/src/plugin/openai/codex.ts:496 → /tmp/closeopen-fgzlg05n/repo/packages/opencode/src/plugin/openai/codex.ts:506
                    const tokenResponse = await fetch(`${ISSUER}/oauth/token`, {
                      method: "POST",
                      headers: { "Content-Type": "application/x-www-form-urlencoded" },
                      body: new URLSearchParams({
                        grant_type: "authorization_code",
                        code: data.authorization_code,
                        redirect_uri: `${ISSUER}/deviceauth/callback`,
                        client_id: CLIENT_ID,
                        code_verifier: data.code_verifier,
                      }).toString(),
                    })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #1190f64849ae046a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:149 · flow /tmp/closeopen-fgzlg05n/repo/packages/opencode/src/plugin/xai.ts:149 → /tmp/closeopen-fgzlg05n/repo/packages/opencode/src/plugin/xai.ts:149
  const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
    method: "POST",
    headers: authHeaders(),
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: REDIRECT_URI,
      client_id: CLIENT_ID,
      code_verifier: pkce.verifier,
    }).toString(),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #53e9a2a8105f816a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:168 · flow /tmp/closeopen-fgzlg05n/repo/packages/opencode/src/plugin/xai.ts:168 → /tmp/closeopen-fgzlg05n/repo/packages/opencode/src/plugin/xai.ts:168
  const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
    method: "POST",
    headers: authHeaders(),
    body: new URLSearchParams({
      grant_type: "refresh_token",
      refresh_token: refreshToken,
      client_id: CLIENT_ID,
    }).toString(),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #01345b333f884d9e User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/plugin/xai.ts:251 · flow /tmp/closeopen-fgzlg05n/repo/packages/opencode/src/plugin/xai.ts:251 → /tmp/closeopen-fgzlg05n/repo/packages/opencode/src/plugin/xai.ts:251
    const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
      method: "POST",
      headers: authHeaders(),
      body: new URLSearchParams({
        grant_type: DEVICE_CODE_GRANT_TYPE,
        client_id: CLIENT_ID,
        device_code: device.device_code,
      }).toString(),
    })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #1e23f8374a9b3139 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/opencode/src/session/llm/native-runtime.ts:90 · flow /tmp/closeopen-fgzlg05n/repo/packages/opencode/src/session/llm/native-runtime.ts:92 → /tmp/closeopen-fgzlg05n/repo/packages/opencode/src/session/llm/native-runtime.ts:90
  const request = LLMNative.request({
    model: input.model,
    apiKey: current.apiKey,
    baseURL: current.baseURL,
    messages: ProviderTransform.message(input.messages, input.model, input.providerOptions ?? {}),
    toolChoice: input.toolChoice,
    temperature: input.temperature,
    topP: input.topP,
    topK: input.topK,
    maxOutputTokens: input.maxOutputTokens,
    providerOptions: ProviderTransform.providerOptions(input.model, input.providerOptions ?? {}),
    headers: { ...providerHeaders(input.provider.options.headers), ...input.headers },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #28ff012614a2ad63 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/cli/cmd/debug/snapshot.ts:17
    const out = yield* Snapshot.Service.use((svc) => svc.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d821351cad6348e5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:153
            return scope.track(typeof dispose === "function" ? (dispose as () => void) : undefined)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8ead82695e00a96b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:173
        return scope.track(
          attention.soundboard.registerPack({
            ...pack,
            sounds: resolveHostAttentionSoundPaths(root, pack.sounds, { trim: true }),
          }),
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c7a07d7a2f4b8883 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:199
      return scope.track(mode.push(value))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6998387618923090 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:579
      return scope.track(api.route.register(list))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5756696c746c7ab4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:595
      return scope.track(api.event.on(type, handler))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #695d4c0e148f9ac2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:607
      scope.track(host.register({ ...plugin, id }))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5e7b5e466a4e8cad Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:102
      const initialSnapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #6061acf05027fc65 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:425
            if (!ctx.snapshot) ctx.snapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #08d46568734215c0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:436
            const completedSnapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bf2c78c992e878af Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/revert.ts:70
      rev.snapshot = session.revert?.snapshot ?? (yield* snap.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9c124715cc763a30 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/snapshot/index.ts:780
        return yield* InstanceState.useEffect(state, (s) => s.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 134 low-confidence finding(s)
low env_fs production #2b70919563625df5 Filesystem access.
repo/packages/opencode/bin/opencode:4
const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea7d705567322b9e Environment-variable access.
repo/packages/opencode/bin/opencode:46
const envPath = process.env.OPENCODE_BIN_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f813a675242cc3f0 Filesystem access.
repo/packages/opencode/bin/opencode:81
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6dd87cafaaff1d4c Filesystem access.
repo/packages/opencode/script/build.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a39706062d74175c Environment-variable access.
repo/packages/opencode/script/build.ts:240
  await $`gh release upload v${Script.version} ./dist/*.zip ./dist/*.tar.gz --clobber --repo ${process.env.GH_REPO}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01e8ded05a4df10a Environment-variable access.
repo/packages/opencode/script/generate.ts:10
const modelsUrl = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d99b158c9a600583 Environment-variable access.
repo/packages/opencode/script/generate.ts:11
export const modelsData = process.env.MODELS_DEV_API_JSON

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91b5a6cfb80686de Environment-variable access.
repo/packages/opencode/script/generate.ts:12
  ? await Bun.file(process.env.MODELS_DEV_API_JSON).text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf011a7a156ab306 Filesystem access.
repo/packages/opencode/script/postinstall.mjs:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #025444e7c909ddc0 Filesystem access.
repo/packages/opencode/script/postinstall.mjs:12
const packageJson = JSON.parse(fs.readFileSync(path.join(__dirname, "package.json"), "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bb135ab138a8887 Filesystem access.
repo/packages/opencode/script/postinstall.mjs:36
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08df3475a67692dc Environment-variable access.
repo/packages/opencode/script/publish.ts:199
  const token = process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #febc5300af9ee549 Environment-variable access.
repo/packages/opencode/specs/v2/api.ts:28
  value: process.env.OPENAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cecc5529c5157e9 Environment-variable access.
repo/packages/opencode/src/acp/profile.ts:1
const enabled = process.env.OPENCODE_ACP_PROFILE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aea46803038ab5cc Environment-variable access.
repo/packages/opencode/src/auth/index.ts:59
      if (process.env.OPENCODE_AUTH_CONTENT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4dc8a3ea81b2977b Environment-variable access.
repo/packages/opencode/src/auth/index.ts:61
          return JSON.parse(process.env.OPENCODE_AUTH_CONTENT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9acf8cdfce85693a Environment-variable access.
repo/packages/opencode/src/cli/cmd/acp.ts:23
    process.env.OPENCODE_CLIENT = "acp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b07aeeff2d926133 Filesystem access.
repo/packages/opencode/src/cli/cmd/agent.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93f3a7ee80275fb7 Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:56
    const termProgram = process.env.TERM_PROGRAM

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #618e85410030e362 Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:57
      ? `${process.env.TERM_PROGRAM}${process.env.TERM_PROGRAM_VERSION ? ` ${process.env.TERM_PROGRAM_VERSION}` : ""}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2098c82bc363eef Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:59
    const terminal = [termProgram, process.env.TERM].filter((item): item is string => Boolean(item)).join(" / ")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb1095650a94c7c5 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:406
    const variant = process.env["VARIANT"] || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97b9c33df2eea63b Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471
        const githubToken = process.env["GITHUB_TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0cea90947d86b495 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:656
      const value = process.env["MODEL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #197f1559c9a98434 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:667
      const value = process.env["GITHUB_RUN_ID"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ffb2c848ce1c2c45 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:673
      const value = process.env["SHARE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #edb8fbfc51595ed1 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:681
      const value = process.env["USE_GITHUB_TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f93a8f98fa50062e Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:689
      const value = process.env["OIDC_BASE_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e18eb2f3eadedbd Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:724
      const customPrompt = process.env["PROMPT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cbe509eb3a8c79aa Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:739
      const mentions = (process.env["MENTIONS"] || "/opencode,/oc")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e559a367cbf9a8ac Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
      await fetch("https://api.github.com/installation/token", {
        method: "DELETE",
        headers: {
          Authorization: `Bearer ${appToken}`,
          Accept: "application/vnd.github+json",
          "X-GitHub-Api-Version": "2022-11-28",
        },
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #845533867bd6e32c Environment-variable access.
repo/packages/opencode/src/cli/cmd/providers.ts:277
        if (process.env[envVar]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58bda8d0f0ac102b Environment-variable access.
repo/packages/opencode/src/cli/cmd/run.ts:333
      const root = Filesystem.resolve(process.env.PWD ?? process.cwd())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01bb0993d8be4a0e Filesystem access.
repo/packages/opencode/src/cli/cmd/run/runtime.stdin.ts:1
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #421d12908180691b Filesystem access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:14
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17f138e3aa740fc8 Environment-variable access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:58
  if (!process.env.OPENCODE_DIRECT_TRACE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6dfdbf961295c403 Filesystem access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:65
  fs.writeFileSync(
    latest(),
    text({
      time: new Date().toISOString(),
      pid: process.pid,
      cwd: process.cwd(),
      argv: process.argv.slice(2),
      path: target,
    }) + "\n",
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8dac7ec36dad4cbb Environment-variable access.
repo/packages/opencode/src/cli/cmd/tui.ts:66
export function resolveThreadDirectory(project?: string, envPWD = process.env.PWD, cwd = process.cwd()) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a243e7d7f55edb89 Filesystem access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #278c628613ecd026 Environment-variable access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:236
  const shell = path.basename(process.env.SHELL || "bash")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19c627bea3110410 Environment-variable access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:238
  const xdgConfig = process.env.XDG_CONFIG_HOME || path.join(home, ".config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #300293c69c7f77c8 Filesystem access.
repo/packages/opencode/src/config/config.ts:9
import fsNode from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #877faffb4f071642 Filesystem access.
repo/packages/opencode/src/config/config.ts:15
import { existsSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c9ca83511d6aecd Filesystem access.
repo/packages/opencode/src/config/config.ts:271
              await fsNode.writeFile(path.join(Global.Path.config, "config.json"), JSON.stringify(result, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f63064339e80b1f9 Environment-variable access.
repo/packages/opencode/src/config/config.ts:468
        if (process.env.OPENCODE_CONFIG_CONTENT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91e2028ff30c3a24 Environment-variable access.
repo/packages/opencode/src/config/config.ts:470
          const next = yield* loadConfig(process.env.OPENCODE_CONFIG_CONTENT, {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd43b376c84643bf Environment-variable access.
repo/packages/opencode/src/config/config.ts:491
              process.env["OPENCODE_CONSOLE_TOKEN"] = tokenOpt.value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c5c234e129d182a Filesystem access.
repo/packages/opencode/src/config/managed.ts:3
import { existsSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c4f28b7b728ac52 Environment-variable access.
repo/packages/opencode/src/config/managed.ts:25
      return path.join(process.env.ProgramData || "C:\\ProgramData", "opencode")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb89b11503cb1ff7 Environment-variable access.
repo/packages/opencode/src/config/managed.ts:32
  return process.env.OPENCODE_TEST_MANAGED_CONFIG_DIR || systemManagedConfigDir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4f82e8ccf0df308 Environment-variable access.
repo/packages/opencode/src/config/variable.ts:37
    return (input.env?.[varName] ?? process.env[varName]) || ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2af90778d26dd795 Filesystem access.
repo/packages/opencode/src/control-plane/dev/debug-workspace-plugin.ts:30
  await writeFile(
    DEV_DATA_TEMP_FILE,
    JSON.stringify(
      {
        port,
        id,
        env,
      },
      null,
      2,
    ),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a23c83514f114aed Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:533
        OTEL_EXPORTER_OTLP_HEADERS: process.env.OTEL_EXPORTER_OTLP_HEADERS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd93ab6c67cc5f2c Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:534
        OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52d2d563a21f6add Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:535
        OTEL_RESOURCE_ATTRIBUTES: process.env.OTEL_RESOURCE_ATTRIBUTES,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3294c49ad831498 Environment-variable access.
repo/packages/opencode/src/ide/index.ts:23
  if (process.env["TERM_PROGRAM"] === "vscode") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c30a388d1757ee0a Environment-variable access.
repo/packages/opencode/src/ide/index.ts:24
    const v = process.env["GIT_ASKPASS"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7e99d861ea1a043 Environment-variable access.
repo/packages/opencode/src/ide/index.ts:33
  return process.env["OPENCODE_CALLER"] === "vscode" || process.env["OPENCODE_CALLER"] === "vscode-insiders"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22367ef9f9811a23 Environment-variable access.
repo/packages/opencode/src/index.ts:67
    if (opts.printLogs) process.env.OPENCODE_PRINT_LOGS = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c35f859143cf8b75 Environment-variable access.
repo/packages/opencode/src/index.ts:68
    if (opts.logLevel) process.env.OPENCODE_LOG_LEVEL = opts.logLevel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f982a46fcaf70b3d Environment-variable access.
repo/packages/opencode/src/index.ts:70
      process.env.OPENCODE_PURE = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1e9eba898cff747 Environment-variable access.
repo/packages/opencode/src/index.ts:75
    process.env.AGENT = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8318d9daeaaa3176 Environment-variable access.
repo/packages/opencode/src/index.ts:76
    process.env.OPENCODE = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ccfc8c764fdb87cc Environment-variable access.
repo/packages/opencode/src/index.ts:77
    process.env.OPENCODE_PID = String(process.pid)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #49fe45cf75912ee0 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:147
        const response = yield* httpOk.execute(HttpClientRequest.get("https://opencode.ai/install"))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2b3184b6d2d0c7a5 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:219
            HttpClientRequest.get("https://formulae.brew.sh/api/formula/opencode.json").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5a19b1361a52a0b9 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:239
            HttpClientRequest.get(
              "https://community.chocolatey.org/api/v2/Packages?$filter=Id%20eq%20%27opencode%27%20and%20IsLatestVersion&$select=Version",
            ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json;odata=verbose" })),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ac9efc9ded8e8f36 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:249
            HttpClientRequest.get(
              "https://raw.githubusercontent.com/ScoopInstaller/Main/master/bucket/opencode.json",
            ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json" })),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c4afebbb4a1be23e Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:258
          HttpClientRequest.get("https://api.github.com/repos/anomalyco/opencode/releases/latest").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #c4c802316f6e2c54 Filesystem access.
repo/packages/opencode/src/lsp/server.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e0ff285546a675f7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:183
      const response = await fetch("https://github.com/microsoft/vscode-eslint/archive/refs/heads/main.zip")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #bc05f573483573c8 Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:445
    const potentialVenvPaths = [process.env["VIRTUAL_ENV"], path.join(root, ".venv"), path.join(root, "venv")].filter(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49cab8875a08d72b Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:502
    const potentialVenvPaths = [process.env["VIRTUAL_ENV"], path.join(root, ".venv"), path.join(root, "venv")].filter(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #43b15e61ad55eaee Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:552
        const response = await fetch("https://github.com/elixir-lsp/elixir-ls/archive/refs/heads/master.zip")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5c9140815caaf22a Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:600
      const releaseResponse = await fetch("https://api.github.com/repos/zigtools/zls/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #0eddd2aa368b4709 Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:779
    process.env.DOTNET_CLI_HOME ?? os.homedir(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ec6084cae32bcf3 Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:789
    process.env.VSCODE_EXTENSIONS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #a30c51a4179b90f5 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:976
    const releaseResponse = await fetch("https://api.github.com/repos/clangd/clangd/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #2a1086f35ea2b295 Filesystem access.
repo/packages/opencode/src/lsp/server.ts:1171
        const content = await fs.readFile(pomFiles[i], "utf-8").catch(() => null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #6158cb2300c1e602 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1210
      const download = await fetch(releaseURL)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #0b531d7152009602 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1297
      const releaseResponse = await fetch("https://api.github.com/repos/Kotlin/kotlin-lsp/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b328404518c240e0 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1405
      const releaseResponse = await fetch("https://api.github.com/repos/LuaLS/lua-language-server/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #dfa1db8258d618d7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1632
      const releaseResponse = await fetch("https://api.releases.hashicorp.com/v1/releases/terraform-ls/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b09b9d249f6988f2 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1705
      const response = await fetch("https://api.github.com/repos/latex-lsp/texlab/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f94a1106a076d0f5 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1877
      const response = await fetch("https://api.github.com/repos/Myriad-Dreamin/tinymist/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #cffa53e8e8f6897b Environment-variable access.
repo/packages/opencode/src/plugin/azure.ts:5
  if (!process.env.AZURE_RESOURCE_NAME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a220bda7b2fa2b48 Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:4
  const prompts = !process.env.CLOUDFLARE_ACCOUNT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18d7f0c1286f3d4d Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:31
    ...(!process.env.CLOUDFLARE_ACCOUNT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6923f406f63688f Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:41
    ...(!process.env.CLOUDFLARE_GATEWAY_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #90f1c6f55d125519 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/digitalocean.ts:170
  const res = await fetch(`${DO_GENAI_API}/models/routers`, {
    headers: {
      Authorization: `Bearer ${bearer}`,
      Accept: "application/json",
      "User-Agent": `opencode/${InstallationVersion}`,
    },
    signal: AbortSignal.timeout(10_000),
  }).catch(() => undefined)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #eb8554ac1cd45b3d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:108
  const response = await fetch(`${ISSUER}/oauth/token`, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: redirectUri,
      client_id: CLIENT_ID,
      code_verifier: pkce.verifier,
    }).toString(),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #163b235288c622f9 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:464
            const deviceResponse = await fetch(`${ISSUER}/api/accounts/deviceauth/usercode`, {
              method: "POST",
              headers: {
                "Content-Type": "application/json",
                "User-Agent": `opencode/${InstallationVersion}`,
              },
              body: JSON.stringify({ client_id: CLIENT_ID }),
            })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5e76b277a46bc67d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:488
                  const response = await fetch(`${ISSUER}/api/accounts/deviceauth/token`, {
                    method: "POST",
                    headers: {
                      "Content-Type": "application/json",
                      "User-Agent": `opencode/${InstallationVersion}`,
                    },
                    body: JSON.stringify({
                      device_auth_id: deviceData.device_auth_id,
                      user_code: deviceData.user_code,
                    }),
                  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6a75d718d1ee59d3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:506
                    const tokenResponse = await fetch(`${ISSUER}/oauth/token`, {
                      method: "POST",
                      headers: { "Content-Type": "application/x-www-form-urlencoded" },
                      body: new URLSearchParams({
                        grant_type: "authorization_code",
                        code: data.authorization_code,
                        redirect_uri: `${ISSUER}/deviceauth/callback`,
                        client_id: CLIENT_ID,
                        code_verifier: data.code_verifier,
                      }).toString(),
                    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #39a05e383d773e72 Filesystem access.
repo/packages/opencode/src/project/project.ts:327
      const buffer = yield* fs.readFile(shortest).pipe(Effect.orDie)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8905842717618986 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:313
        const envToken = process.env.AWS_BEARER_TOKEN_BEDROCK

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86f0a6cad392f45b Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:316
          process.env.AWS_BEARER_TOKEN_BEDROCK = auth.key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1956936b0d83867c Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:325
        process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #464c59511a40b1f4 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:573
        const envAICoreServiceKey = process.env.AICORE_SERVICE_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a0526d344e95739 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:576
          process.env.AICORE_SERVICE_KEY = auth.key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16e9183017ac1890 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:581
      const deploymentId = process.env.AICORE_DEPLOYMENT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eca7e1e40bb92df6 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:582
      const resourceGroup = process.env.AICORE_RESOURCE_GROUP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #bb773e53a8d74b89 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/server/shared/ui.ts:9
export const UI_UPSTREAM = new URL("https://app.opencode.ai")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #df77b3f1be61131f Filesystem access.
repo/packages/opencode/src/server/shared/ui.ts:72
  return fs.readFile(file).pipe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0114d8ab1ab85c10 Filesystem access.
repo/packages/opencode/src/session/prompt.ts:964
                    Buffer.from(yield* fsys.readFile(filepath).pipe(Effect.catch(Effect.die))).toString("base64"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5753aff23732b0c Environment-variable access.
repo/packages/opencode/src/share/share-next.ts:23
const disabled = process.env["OPENCODE_DISABLE_SHARE"] === "true" || process.env["OPENCODE_DISABLE_SHARE"] === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1bf2be62c79f4727 Environment-variable access.
repo/packages/opencode/src/temporary.ts:27
    if (opts.printLogs) process.env.OPENCODE_PRINT_LOGS = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa4d3ef06084578e Environment-variable access.
repo/packages/opencode/src/temporary.ts:28
    if (opts.logLevel) process.env.OPENCODE_LOG_LEVEL = opts.logLevel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3925134c0f042e16 Filesystem access.
repo/packages/opencode/src/tool/apply_patch.ts:115
            const source = yield* Bom.readFile(afs, filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e9dc60fef275abf Filesystem access.
repo/packages/opencode/src/tool/apply_patch.ts:162
            const source = yield* Bom.readFile(afs, filePath).pipe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8312b9a9f5b696ea Filesystem access.
repo/packages/opencode/src/tool/edit.ts:126
              const source = yield* Bom.readFile(afs, filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d1ae9f82cfa2560 Environment-variable access.
repo/packages/opencode/src/tool/mcp-websearch.ts:4
export const EXA_URL = process.env.EXA_API_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16628d1c500a31e8 Environment-variable access.
repo/packages/opencode/src/tool/mcp-websearch.ts:5
  ? `https://mcp.exa.ai/mcp?exaApiKey=${encodeURIComponent(process.env.EXA_API_KEY)}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d608fee5c4b78df Filesystem access.
repo/packages/opencode/src/tool/read.ts:307
        const bytes = yield* fs.readFile(filepath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9be5e25fc080c3f4 Environment-variable access.
repo/packages/opencode/src/tool/shell.ts:142
  if (process.platform !== "win32") return process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddb9d63bae02bd48 Environment-variable access.
repo/packages/opencode/src/tool/shell.ts:144
  return name ? process.env[name] : undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d15614a8127077f Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:31
  const override = process.env.OPENCODE_WEBSEARCH_PROVIDER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5799320153c602dd Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:56
  if (!process.env.PARALLEL_API_KEY) return headers

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcde3a00aa25d481 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:57
  return { ...headers, Authorization: `Bearer ${process.env.PARALLEL_API_KEY}` }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #daa6b46eb7fba5eb Filesystem access.
repo/packages/opencode/src/tool/write.ts:47
          const source = exists ? yield* Bom.readFile(fs, filepath) : { bom: false, text: "" }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51dd1e2a2a3a6de4 Filesystem access.
repo/packages/opencode/src/util/bom.ts:19
  return split(new TextDecoder("utf-8", { ignoreBOM: true }).decode(yield* fs.readFile(filePath)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #04f4841970560b77 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:1
import { chmod, mkdir, readFile, stat as statFile, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e2c697cfeda6e75 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:2
import { createWriteStream, existsSync, statSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29b731560f007089 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:3
import { realpathSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25e5ea334a987f33 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:41
  return readFile(p, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e066aed20395d38a Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:45
  return JSON.parse(await readFile(p, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7994b64208281396 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:49
  return readFile(p)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d254cc8c39a20ee Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:53
  const buf = await readFile(p)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2aec1be64c5024b Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:64
      await writeFile(p, content, { mode })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c00b72eb232a600e Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:66
      await writeFile(p, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df84b15e65ae1f34 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:72
        await writeFile(p, content, { mode })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f407087060d89b9d Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:74
        await writeFile(p, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cb2ef499f958254 Environment-variable access.
repo/packages/opencode/src/util/proxy-env.ts:69
  return process.env[key.toLowerCase()] || process.env[key.toUpperCase()] || ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b89faeec8cddc0c2 Environment-variable access.
repo/packages/opencode/src/util/repository.ts:100
  const base = process.env.OPENCODE_REPO_CLONE_GITHUB_BASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/console/app

npm first-party
high pii_flow production #6840a9ee0e7af11a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/component/email-signup.tsx:10 · flow /tmp/closeopen-fgzlg05n/repo/packages/console/app/src/component/email-signup.tsx:13 → /tmp/closeopen-fgzlg05n/repo/packages/console/app/src/component/email-signup.tsx:10
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress,
    }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e2f44ae539af2189 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:54 · flow /tmp/closeopen-fgzlg05n/repo/packages/console/app/src/lib/salesforce.ts:63 → /tmp/closeopen-fgzlg05n/repo/packages/console/app/src/lib/salesforce.ts:54
  const res = await fetch(`${auth.url}/services/data/v59.0/sobjects/Lead`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${auth.token}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      LastName: input.name,
      Company: input.company?.trim() || "Website",
      Email: input.email,
      Phone: input.phone ?? null,
      Title: input.role,
      Description: input.message,
      LeadSource: "Website",
    }),
  }).catch((err) => {

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #919b0586a8449906 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/routes/api/enterprise.ts:39 · flow /tmp/closeopen-fgzlg05n/repo/packages/console/app/src/routes/api/enterprise.ts:42 → /tmp/closeopen-fgzlg05n/repo/packages/console/app/src/routes/api/enterprise.ts:39
  return fetch(`https://api.emailoctopus.com/lists/${EMAIL_OCTOPUS_LIST_ID}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(payload),
  }).then(

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow production #f20b17acd0dbb588 Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:54 · flow /tmp/closeopen-fgzlg05n/repo/packages/console/app/src/lib/salesforce.ts:57 → /tmp/closeopen-fgzlg05n/repo/packages/console/app/src/lib/salesforce.ts:54
  const res = await fetch(`${auth.url}/services/data/v59.0/sobjects/Lead`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${auth.token}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      LastName: input.name,
      Company: input.company?.trim() || "Website",
      Email: input.email,
      Phone: input.phone ?? null,
      Title: input.role,
      Description: input.message,
      LeadSource: "Website",
    }),
  }).catch((err) => {

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #3df2c49fe02d9c29 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:312
      await rateLimiter?.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #75724914eed50d57 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:317
        await trialLimiter?.track(usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #88809c27b17d1a34 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:318
        await modelTpmLimiter?.track(providerInfo.id, providerInfo.model, usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cc974ab09aed3fa5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:319
        await providerBudgetTracker?.track(providerInfo.id, providerInfo.budgetPriority, costInfo.totalCostInCent)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7d5351521fd7dad4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:366
                await rateLimiter?.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #b63fff28ab24ae04 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:371
                  await trialLimiter?.track(usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #2bf886fac65b5696 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:372
                  await modelTpmLimiter?.track(providerInfo.id, providerInfo.model, usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #42c08c7422dd51ac Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:373
                  await modelTpsLimiter?.track(
                    providerInfo.id,
                    providerInfo.model,
                    providerInfo.tpsGoal,
                    timestampFirstByte,
                    timestampLastByte,
                    usageInfo,
                  )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #cb883cfc7db5074b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:381
                  await providerBudgetTracker?.track(
                    providerInfo.id,
                    providerInfo.budgetPriority,
                    costInfo.totalCostInCent,
                  )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 6 low-confidence finding(s)
low env_fs production #243aefc49e5ec1e5 Filesystem access.
repo/packages/console/app/script/generate-sitemap.ts:2
import { readdir, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dde7a12eef32c627 Filesystem access.
repo/packages/console/app/script/generate-sitemap.ts:103
  await writeFile(outputPath, xml, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #c23baabcde2cdbb9 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/component/email-signup.tsx:10
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress,
    }),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3f3189f1295126f6 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/lib/changelog.ts:42
  const response = await fetch("https://api.github.com/repos/anomalyco/opencode/releases?per_page=20", {
    headers: {
      Accept: "application/vnd.github.v3+json",
      "User-Agent": "OpenCode-Console",
    },
    cf: {
      // best-effort edge caching (ignored outside Cloudflare)
      cacheTtl: 60 * 5,
      cacheEverything: true,
    },
  } as RequestInit).catch(() => undefined)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5ce2a775c73eb8ff Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/routes/api/enterprise.ts:39
  return fetch(`https://api.emailoctopus.com/lists/${EMAIL_OCTOPUS_LIST_ID}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(payload),
  }).then(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #53ad462cc54a1eb9 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/routes/openapi.json.ts:2
  const response = await fetch(
    "https://raw.githubusercontent.com/anomalyco/opencode/refs/heads/dev/packages/sdk/openapi.json",
  )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm)

npm first-party
high pii_flow production #24ee25bcac6bbde9 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.opencode/tool/github-pr-search.ts:4 · flow /tmp/closeopen-fgzlg05n/repo/.opencode/tool/github-pr-search.ts:7 → /tmp/closeopen-fgzlg05n/repo/.opencode/tool/github-pr-search.ts:4
  const response = await fetch(`https://api.github.com${endpoint}`, {
    ...options,
    headers: {
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,
      Accept: "application/vnd.github+json",
      "Content-Type": "application/json",
      ...(options.headers instanceof Headers ? Object.fromEntries(options.headers.entries()) : options.headers),
    },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #71734ac0b4049f10 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/.opencode/tool/github-triage.ts:23 · flow /tmp/closeopen-fgzlg05n/repo/.opencode/tool/github-triage.ts:26 → /tmp/closeopen-fgzlg05n/repo/.opencode/tool/github-triage.ts:23
  const response = await fetch(`https://api.github.com${endpoint}`, {
    ...options,
    headers: {
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,
      Accept: "application/vnd.github+json",
      "Content-Type": "application/json",
      ...(options.headers instanceof Headers ? Object.fromEntries(options.headers.entries()) : options.headers),
    },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #58ee4c541e6ae39e User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:45 · flow /tmp/closeopen-fgzlg05n/repo/script/github/close-issues.ts:7 → /tmp/closeopen-fgzlg05n/repo/script/github/close-issues.ts:45
  const comment = await fetch(`${base}/comments`, {
    method: "POST",
    headers,
    body: JSON.stringify({ body: msg }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #d79786c6bd02505e User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:52 · flow /tmp/closeopen-fgzlg05n/repo/script/github/close-issues.ts:7 → /tmp/closeopen-fgzlg05n/repo/script/github/close-issues.ts:52
  const patch = await fetch(base, {
    method: "PATCH",
    headers,
    body: JSON.stringify({ state: "closed", state_reason: "not_planned" }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #22591a8b0f2bf313 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/github/close-issues.ts:67 · flow /tmp/closeopen-fgzlg05n/repo/script/github/close-issues.ts:7 → /tmp/closeopen-fgzlg05n/repo/script/github/close-issues.ts:67
    const res = await fetch(
      `https://api.github.com/repos/${repo}/issues?state=open&sort=updated&direction=asc&per_page=100&page=${page}`,
      { headers },
    )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #81dc5f1bb07edb1e User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/script/stats.ts:11 · flow /tmp/closeopen-fgzlg05n/repo/script/stats.ts:4 → /tmp/closeopen-fgzlg05n/repo/script/stats.ts:11
  const response = await fetch("https://us.i.posthog.com/i/v0/e/", {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      distinct_id: "download",
      api_key: key,
      event,
      properties: {
        ...properties,
      },
    }),
  }).catch(() => null)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 38 low-confidence finding(s)
low env_fs production #d17cd18a3f657915 Environment-variable access.
repo/.opencode/tool/github-pr-search.ts:7
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #213598dff42e5a97 Environment-variable access.
repo/.opencode/tool/github-triage.ts:17
  const issue = parseInt(process.env.ISSUE_NUMBER ?? "", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ea0ecdd4f590ea7 Environment-variable access.
repo/.opencode/tool/github-triage.ts:26
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a54c0d32816789f Environment-variable access.
repo/github/index.ts:302
  const value = process.env["MODEL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be43de7315204402 Environment-variable access.
repo/github/index.ts:316
  const runId = process.env["GITHUB_RUN_ID"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eeb6304d0e4303c8 Environment-variable access.
repo/github/index.ts:323
  return process.env["AGENT"] || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a89c3decdd8fd9e9 Environment-variable access.
repo/github/index.ts:327
  const value = process.env["SHARE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86861e335167da89 Environment-variable access.
repo/github/index.ts:336
    mockEvent: process.env["MOCK_EVENT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf53c6e7e155d4ed Environment-variable access.
repo/github/index.ts:337
    mockToken: process.env["MOCK_TOKEN"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98d289ecf20e9aa9 Environment-variable access.
repo/github/index.ts:342
  return process.env["TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #63e4709947b9398a Hardcoded external endpoint. Review what data is sent to this destination.
repo/github/index.ts:377
    response = await fetch("https://api.opencode.ai/exchange_github_app_token_with_pat", {
      method: "POST",
      headers: {
        Authorization: `Bearer ${useEnvMock().mockToken}`,
      },
      body: JSON.stringify({ owner: repo.owner, repo: repo.repo }),
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ecc464690f640775 Hardcoded external endpoint. Review what data is sent to this destination.
repo/github/index.ts:386
    response = await fetch("https://api.opencode.ai/exchange_github_app_token", {
      method: "POST",
      headers: {
        Authorization: `Bearer ${oidcToken}`,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8f5819710f71cbd0 Hardcoded external endpoint. Review what data is sent to this destination.
repo/github/index.ts:1064
  await fetch("https://api.github.com/installation/token", {
    method: "DELETE",
    headers: {
      Authorization: `Bearer ${accessToken}`,
      Accept: "application/vnd.github+json",
      "X-GitHub-Api-Version": "2022-11-28",
    },
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #05d7c8ea8af855e2 Environment-variable access.
repo/infra/console.ts:276
          new sst.Secret("CLOUDFLARE_DEFAULT_ACCOUNT_ID", process.env.CLOUDFLARE_DEFAULT_ACCOUNT_ID!),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0fd35d0ccff05089 Environment-variable access.
repo/infra/console.ts:277
          new sst.Secret("CLOUDFLARE_API_TOKEN", process.env.CLOUDFLARE_API_TOKEN!),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a004f55354906583 Filesystem access.
repo/nix/scripts/canonicalize-node-modules.ts:1
import { lstat, mkdir, readdir, rm, symlink } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3390c4b3cacde6fc Filesystem access.
repo/nix/scripts/normalize-bun-binaries.ts:1
import { lstat, mkdir, readdir, rm, symlink } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ef1465ca5f410f6 Environment-variable access.
repo/packages/containers/script/build.ts:10
const reg = process.env.REGISTRY ?? "ghcr.io/anomalyco"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77ed1922e2e5fbad Environment-variable access.
repo/packages/containers/script/build.ts:11
const tag = process.env.TAG ?? "24.04"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec77c913f6cdf79b Environment-variable access.
repo/packages/containers/script/build.ts:12
const push = process.argv.includes("--push") || process.env.PUSH === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db912e32f143c088 Filesystem access.
repo/script/beta.ts:4
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a8421dd4e30c41c Environment-variable access.
repo/script/beta.ts:61
  if (process.env.GITHUB_ACTIONS !== "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2d8bdf9225b7205 Filesystem access.
repo/script/changelog.ts:3
import { rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dff5ac08d888d32d Environment-variable access.
repo/script/github/close-issues.ts:7
const token = process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60cc4419745428d4 Environment-variable access.
repo/script/github/close-prs.ts:346
  const envToken = process.env.GITHUB_TOKEN ?? process.env.GH_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ede5b0f9e7a4616a Environment-variable access.
repo/script/publish.ts:72
  await $`gh release edit ${tag} --draft=false --repo ${process.env.GH_REPO}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28bb32614e7799fc Environment-variable access.
repo/script/raw-changelog.ts:25
const repo = process.env.GH_REPO ?? "anomalyco/opencode"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #320d1999ea42e513 Environment-variable access.
repo/script/stats.ts:4
  const key = process.env["POSTHOG_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #87f0d56f450e19b0 Hardcoded external endpoint. Review what data is sent to this destination.
repo/script/stats.ts:11
  const response = await fetch("https://us.i.posthog.com/i/v0/e/", {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      distinct_id: "download",
      api_key: key,
      event,
      properties: {
        ...properties,
      },
    }),
  }).catch(() => null)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #dbb3ce6ac5519825 Environment-variable access.
repo/script/version.ts:7
const sha = process.env.GITHUB_SHA ?? (await $`git rev-parse HEAD`.text()).trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80edc215c778951c Environment-variable access.
repo/script/version.ts:15
  const dir = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ccd2ae892c649f4 Environment-variable access.
repo/script/version.ts:23
  await $`gh release create v${Script.version} -d --title "v${Script.version}" --repo ${process.env.GH_REPO}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6596b448bd67f582 Environment-variable access.
repo/script/version.ts:25
    await $`gh release view v${Script.version} --json tagName,databaseId --repo ${process.env.GH_REPO}`.json()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f1ba81184aa8fb8 Environment-variable access.
repo/script/version.ts:30
output.push(`repo=${process.env.GH_REPO}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e194b4e8586c4b5 Environment-variable access.
repo/script/version.ts:32
if (process.env.GITHUB_OUTPUT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec877d7ed808c380 Environment-variable access.
repo/script/version.ts:33
  await Bun.write(process.env.GITHUB_OUTPUT, output.join("\n"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25b164d00d22ee0d Environment-variable access.
repo/sst.config.ts:14
          profile: process.env.GITHUB_ACTIONS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9052d77c039e9d28 Environment-variable access.
repo/sst.config.ts:22
          apiKey: process.env.STRIPE_SECRET_KEY!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/desktop

npm first-party
high pii_flow production #a4c64855a53f75f5 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:32 · flow /tmp/closeopen-fgzlg05n/repo/packages/desktop/scripts/finalize-latest-json.ts:16 → /tmp/closeopen-fgzlg05n/repo/packages/desktop/scripts/finalize-latest-json.ts:32
const rel = await fetch(`https://api.github.com/repos/${repo}/releases/${releaseId}`, {
  headers: {
    Authorization: `token ${token}`,
    Accept: "application/vnd.github+json",
  },
})

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #4fe8e2ec6f57c6f9 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/desktop/scripts/finalize-latest-json.ts:116 · flow /tmp/closeopen-fgzlg05n/repo/packages/desktop/scripts/finalize-latest-json.ts:16 → /tmp/closeopen-fgzlg05n/repo/packages/desktop/scripts/finalize-latest-json.ts:116
  const res = await fetch(asset?.url ?? url, {
    headers: {
      Authorization: `token ${token}`,
      ...(asset ? { Accept: "application/octet-stream" } : {}),
    },
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #122cace995ebeb79 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/desktop/electron.vite.config.ts:1
import { sentryVitePlugin } from "@sentry/vite-plugin"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0c9181e11d393601 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/desktop/src/renderer/index.tsx:18
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 63 low-confidence finding(s)
low env_fs production #90b7508e9286964c Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:14
    const previous = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e076ac78b03f0df Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:15
    process.env.OPENCODE_CHANNEL = channel.channel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41d2772b16a5c223 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:20
    if (previous === undefined) delete process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58bc1418de47c76e Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:21
    else process.env.OPENCODE_CHANNEL = previous

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a952ff376bad34ac Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:31
  const previous = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #acd1b40a18b00a2a Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:32
  process.env.OPENCODE_CHANNEL = "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c894a305e9c0c0b1 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:37
  if (previous === undefined) delete process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #386d425e0586d535 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:38
  else process.env.OPENCODE_CHANNEL = previous

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d45937de2a198212 Environment-variable access.
repo/packages/desktop/electron-builder.config.ts:20
  if (process.env.GITHUB_ACTIONS !== "true") return

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05c9da8a52b3278a Environment-variable access.
repo/packages/desktop/electron-builder.config.ts:30
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f917df9c368dc23 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:9
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b687ffa4c8c023a4 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:11
  if (process.env.OPENCODE_CHANNEL === "latest") return "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5da0143621ca059e Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:18
  process.env.SENTRY_AUTH_TOKEN && process.env.SENTRY_ORG && process.env.SENTRY_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fb83b86fcafbf7a Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:20
        authToken: process.env.SENTRY_AUTH_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #680b018228e515fe Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:21
        org: process.env.SENTRY_ORG,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #102bd1b893b7096e Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:22
        project: process.env.SENTRY_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5be1840b944bd14 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:25
          name: process.env.SENTRY_RELEASE ?? process.env.VITE_SENTRY_RELEASE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46e294078934a7a2 Filesystem access.
repo/packages/desktop/electron.vite.config.ts:76
            await fs.writeFile(`./out/main/chunks/${l}`, await fs.readFile(`${OPENCODE_SERVER_DIST}/${l}`))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4de4b73c8d332bb2 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:16
const repo = process.env.GH_REPO

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31e9246fca8ace31 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:19
const releaseId = process.env.OPENCODE_RELEASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6061cf1ce427c63d Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:22
const version = process.env.OPENCODE_VERSION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #afab79528b7cc6bf Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:25
const dir = process.env.LATEST_YML_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7a464cbbbbff8ee Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:29
const token = process.env.GH_TOKEN ?? process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #074ed183996446a3 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:126
  const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #614c38ef9cc2ac66 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:207
const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2675360777683cc Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:6
const dir = process.env.LATEST_YML_DIR!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22ac094f8215877f Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:9
const repo = process.env.GH_REPO

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d187d6861cfc6a0b Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:12
const version = process.env.OPENCODE_VERSION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f58ffa5d58a0b2b Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:115
const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed3570fcea4081b1 Environment-variable access.
repo/packages/desktop/scripts/predev.ts:3
await $`bun ./scripts/copy-icons.ts ${process.env.OPENCODE_CHANNEL ?? "dev"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4450e90f0d9d4981 Environment-variable access.
repo/packages/desktop/scripts/utils.ts:66
  if (process.platform === "win32" && process.env.GITHUB_ACTIONS === "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #078a5d714135f629 Environment-variable access.
repo/packages/desktop/src/main/apps.ts:27
  const home = process.env.HOME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8638a5b3ff445aba Filesystem access.
repo/packages/desktop/src/main/apps.ts:58
    const content = await readFile(path, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f594842367c4a0d Filesystem access.
repo/packages/desktop/src/main/attachment-picker.test.ts:27
      await writeFile(file, "lorem ipsum")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a07657f4e021185 Filesystem access.
repo/packages/desktop/src/main/attachment-picker.test.ts:38
      await writeFile(file, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a96d1a44f560154 Environment-variable access.
repo/packages/desktop/src/main/index.ts:56
const TEST_ONBOARDING = process.env.OPENCODE_TEST_ONBOARDING === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97229d1fb4b21a22 Environment-variable access.
repo/packages/desktop/src/main/index.ts:90
    const items = (process.env[key] ?? "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4806b4a5f383370 Environment-variable access.
repo/packages/desktop/src/main/index.ts:100
    process.env[key] = items.join(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #120cb5f121e6caf0 Environment-variable access.
repo/packages/desktop/src/main/index.ts:115
  process.env.OPENCODE_DISABLE_EMBEDDED_WEB_UI = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79379a3ab8d4a0ab Environment-variable access.
repo/packages/desktop/src/main/index.ts:126
    process.env.OPENCODE_DB = ":memory:"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b0799bfb0fd129c Environment-variable access.
repo/packages/desktop/src/main/index.ts:127
    process.env.XDG_DATA_HOME = join(root, "data")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc259b5c870d0ee6 Environment-variable access.
repo/packages/desktop/src/main/index.ts:128
    process.env.XDG_CONFIG_HOME = join(root, "config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82b88522420d2882 Environment-variable access.
repo/packages/desktop/src/main/index.ts:129
    process.env.XDG_CACHE_HOME = join(root, "cache")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba012b11c7ca71f1 Environment-variable access.
repo/packages/desktop/src/main/index.ts:130
    process.env.XDG_STATE_HOME = join(root, "state")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0fe4a2537ce19b19 Environment-variable access.
repo/packages/desktop/src/main/index.ts:308
    const fromEnv = process.env.OPENCODE_PORT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09db35fba10374f4 Filesystem access.
repo/packages/desktop/src/main/logging.ts:93
    const contents = readFileSync(path, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf81ca7b273a633f Environment-variable access.
repo/packages/desktop/src/main/logging.ts:153
  const xdgData = process.env.XDG_DATA_HOME || join(homedir(), ".local", "share")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85333b8d1cbaa6eb Filesystem access.
repo/packages/desktop/src/main/logging.ts:184
    const data = entry.data ?? readFileSync(entry.path!)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08ce353173548ad0 Filesystem access.
repo/packages/desktop/src/main/logging.ts:188
  writeFileSync(output, Buffer.from(await zip.arrayBuffer()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19ec7ac0dc953ff8 Environment-variable access.
repo/packages/desktop/src/main/migrate.ts:18
      return join(process.env.APPDATA ?? join(homedir(), "AppData", "Roaming"), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed359d03e2078a8f Environment-variable access.
repo/packages/desktop/src/main/migrate.ts:20
      return join(process.env.XDG_DATA_HOME ?? join(homedir(), ".local", "share"), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53b9e0f6d4b567a8 Filesystem access.
repo/packages/desktop/src/main/migrate.ts:42
    data = JSON.parse(readFileSync(datPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a5240612c327967 Environment-variable access.
repo/packages/desktop/src/main/server.ts:51
    XDG_STATE_HOME: process.env.XDG_STATE_HOME ?? userDataPath,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4aaddc8dcff19110 Environment-variable access.
repo/packages/desktop/src/main/shell-env.ts:19
    return resolveUserShell(process.env.SHELL, userInfo().shell)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #257c60f79616a59d Environment-variable access.
repo/packages/desktop/src/main/shell-env.ts:21
    return resolveUserShell(process.env.SHELL, undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3a943c2f8229807 Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:87
    XDG_STATE_HOME: process.env.XDG_STATE_HOME ?? userDataPath,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f39a2fffdd263af2 Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:94
    const items = (process.env[key] ?? "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1589804de0508d06 Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:104
    process.env[key] = items.join(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93e90ab9fb830187 Filesystem access.
repo/packages/desktop/src/main/store-cleanup.test.ts:16
  await writeFile(join(root, name), value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4943dc59c662be3 Filesystem access.
repo/packages/desktop/src/main/store-cleanup.ts:84
  const raw = await readFile(file, "utf8").catch(() => undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41fafcf178c325f7 Environment-variable access.
repo/packages/desktop/src/main/windows.ts:292
  const devUrl = process.env.ELECTRON_RENDERER_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c036961dcfa5655 Environment-variable access.
repo/packages/desktop/src/main/windows.ts:455
  const devUrl = process.env.ELECTRON_RENDERER_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f3ebac2b33158e2 Environment-variable access.
repo/packages/desktop/src/main/wsl/runtime.ts:389
  const root = process.env.SystemRoot ?? process.env.windir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/console/function

npm first-party
high pii_flow production #c5acecb95a7c80f6 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:112 · flow /tmp/closeopen-fgzlg05n/repo/packages/console/function/src/auth.ts:114 → /tmp/closeopen-fgzlg05n/repo/packages/console/function/src/auth.ts:112
          const emails = (await fetch("https://api.github.com/user/emails", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #59affefee27840f8 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/auth.ts:119 · flow /tmp/closeopen-fgzlg05n/repo/packages/console/function/src/auth.ts:121 → /tmp/closeopen-fgzlg05n/repo/packages/console/function/src/auth.ts:119
          const user = (await fetch("https://api.github.com/user", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #6f54306826b2b1af User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/function/src/log-processor.ts:68 · flow /tmp/closeopen-fgzlg05n/repo/packages/console/function/src/log-processor.ts:72 → /tmp/closeopen-fgzlg05n/repo/packages/console/function/src/log-processor.ts:68
              fetch(lakeIngest.url, {
                method: "POST",
                headers: {
                  "Content-Type": "application/json",
                  Authorization: `Bearer ${lakeIngest.secret}`,
                },
                body: JSON.stringify({ events: events.map((event) => toLakeEvent(event.time, event.data)) }),
              }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 3 low-confidence finding(s)
low egress production #855f207a3c01a630 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/auth.ts:112
          const emails = (await fetch("https://api.github.com/user/emails", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6142efdb5205dbd1 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/auth.ts:119
          const user = (await fetch("https://api.github.com/user", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #06a840d1800af588 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/log-processor.ts:58
        fetch("https://api.honeycomb.io/1/batch/zen", {
          method: "POST",
          headers: {
            "Content-Type": "application/json",
            "X-Honeycomb-Team": Resource.HONEYCOMB_API_KEY.value,
          },
          body: JSON.stringify(events),
        }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/core

npm first-party
high pii_flow production #e7421050f12a3e99 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/plugin/provider/openai.ts:122 · flow /tmp/closeopen-fgzlg05n/repo/packages/core/src/plugin/provider/openai.ts:125 → /tmp/closeopen-fgzlg05n/repo/packages/core/src/plugin/provider/openai.ts:122
                fetch(`${issuer}/api/accounts/deviceauth/token`, {
                  method: "POST",
                  headers: headers("application/json"),
                  body: JSON.stringify({ device_auth_id: device.device_auth_id, user_code: device.user_code }),
                  signal,
                }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #31f2bfd0c09663f7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/core/src/session/compaction.ts:197 · flow /tmp/closeopen-fgzlg05n/repo/packages/core/src/session/compaction.ts:176 → /tmp/closeopen-fgzlg05n/repo/packages/core/src/session/compaction.ts:197
        LLM.request({
          model: input.model,
          messages: [Message.user(summaryPrompt)],
          tools: [],
          generation: { maxTokens: summaryOutput },
        }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 94 low-confidence finding(s)
low env_fs production #b8ece95560eb3852 Filesystem access.
repo/packages/core/script/fix-node-pty.ts:3
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f68f25669f6e66a0 Filesystem access.
repo/packages/core/script/migration.ts:4
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6cc59df3adb7876f Environment-variable access.
repo/packages/core/src/database/database.ts:50
    process.env.OPENCODE_DISABLE_CHANNEL_DB === "1" ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd3576c5cec6aba8 Environment-variable access.
repo/packages/core/src/database/database.ts:51
    process.env.OPENCODE_DISABLE_CHANNEL_DB === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61cfc23efe9f4972 Filesystem access.
repo/packages/core/src/file-mutation.ts:112
          const current = yield* fs
            .readFile(input.target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cfc85a6f2cd3f264 Filesystem access.
repo/packages/core/src/file-mutation.ts:130
              : fs.writeFile(input.target.canonical, input.content, { flag: "wx" })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7744f58598e0ad8 Filesystem access.
repo/packages/core/src/file-mutation.ts:147
          const current = yield* fs.readFile(input.target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0bec086ab3258c0 Filesystem access.
repo/packages/core/src/file-mutation.ts:153
            : fs.writeFile(input.target.canonical, input.content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a7cc5ae2752c3d2 Filesystem access.
repo/packages/core/src/filesystem.ts:83
          content: yield* fs.readFile(target.real).pipe(Effect.orDie),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ad5986aab38852b Environment-variable access.
repo/packages/core/src/flag/flag.ts:4
  const value = process.env[key]?.toLowerCase()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4c557575da1abce Environment-variable access.
repo/packages/core/src/flag/flag.ts:8
const copy = process.env["OPENCODE_EXPERIMENTAL_DISABLE_COPY_ON_SELECT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b61cbd254827fcf Environment-variable access.
repo/packages/core/src/flag/flag.ts:9
const fff = process.env["OPENCODE_DISABLE_FFF"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #134bfa4a32075b63 Environment-variable access.
repo/packages/core/src/flag/flag.ts:12
  return process.env[key] === undefined ? truthy("OPENCODE_EXPERIMENTAL") : truthy(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd6abdecdecfb173 Environment-variable access.
repo/packages/core/src/flag/flag.ts:16
  OTEL_EXPORTER_OTLP_ENDPOINT: process.env["OTEL_EXPORTER_OTLP_ENDPOINT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3b405d045fa3db0 Environment-variable access.
repo/packages/core/src/flag/flag.ts:17
  OTEL_EXPORTER_OTLP_HEADERS: process.env["OTEL_EXPORTER_OTLP_HEADERS"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5b1cfe2c8d6ca43 Environment-variable access.
repo/packages/core/src/flag/flag.ts:20
  OPENCODE_GIT_BASH_PATH: process.env["OPENCODE_GIT_BASH_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11d4dd69e7ab52c3 Environment-variable access.
repo/packages/core/src/flag/flag.ts:21
  OPENCODE_CONFIG: process.env["OPENCODE_CONFIG"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28880b98a1db394a Environment-variable access.
repo/packages/core/src/flag/flag.ts:22
  OPENCODE_CONFIG_CONTENT: process.env["OPENCODE_CONFIG_CONTENT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7432fad4d953ddc2 Environment-variable access.
repo/packages/core/src/flag/flag.ts:31
  OPENCODE_FAKE_VCS: process.env["OPENCODE_FAKE_VCS"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f851b24110bd24a1 Environment-variable access.
repo/packages/core/src/flag/flag.ts:32
  OPENCODE_SERVER_PASSWORD: process.env["OPENCODE_SERVER_PASSWORD"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d4314720f15be18 Environment-variable access.
repo/packages/core/src/flag/flag.ts:33
  OPENCODE_SERVER_USERNAME: process.env["OPENCODE_SERVER_USERNAME"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4cf28b6d0a6f802 Environment-variable access.
repo/packages/core/src/flag/flag.ts:45
  OPENCODE_MODELS_URL: process.env["OPENCODE_MODELS_URL"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63279cbf7c56d3d0 Environment-variable access.
repo/packages/core/src/flag/flag.ts:46
  OPENCODE_MODELS_PATH: process.env["OPENCODE_MODELS_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7c3218c2c9f6baa Environment-variable access.
repo/packages/core/src/flag/flag.ts:47
  OPENCODE_DB: process.env["OPENCODE_DB"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5a4a28a2dd0729d Environment-variable access.
repo/packages/core/src/flag/flag.ts:49
  OPENCODE_WORKSPACE_ID: process.env["OPENCODE_WORKSPACE_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ebc71d675a21ba18 Environment-variable access.
repo/packages/core/src/flag/flag.ts:61
    return process.env["OPENCODE_TUI_CONFIG"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8023fccea33f57a8 Environment-variable access.
repo/packages/core/src/flag/flag.ts:64
    return process.env["OPENCODE_CONFIG_DIR"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec21ae2996b5a52e Environment-variable access.
repo/packages/core/src/flag/flag.ts:70
    return process.env["OPENCODE_PERMISSION"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8435897061ac48bd Environment-variable access.
repo/packages/core/src/flag/flag.ts:73
    return process.env["OPENCODE_PLUGIN_META_FILE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c2bb7ff4c54717f Environment-variable access.
repo/packages/core/src/flag/flag.ts:76
    return process.env["OPENCODE_CLIENT"] ?? "cli"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6fef8c231a0f44b Filesystem access.
repo/packages/core/src/fs-util.ts:3
import { realpathSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d899e6587327728 Filesystem access.
repo/packages/core/src/fs-util.ts:4
import * as NFS from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d2f4ea67914cbe5 Filesystem access.
repo/packages/core/src/global.ts:2
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #943991113874cfcb Environment-variable access.
repo/packages/core/src/global.ts:19
    return process.env.OPENCODE_TEST_HOME ?? os.homedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2e7ca3a8c98ee50 Environment-variable access.
repo/packages/core/src/integration.ts:298
        .flatMap((method) => method.names.filter((name) => process.env[name]))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #070ed01da15fdac5 Environment-variable access.
repo/packages/core/src/integration.ts:387
            const key = process.env[connection.name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #051aa99e943a16e4 Environment-variable access.
repo/packages/core/src/observability/logging.ts:57
  const value = process.env.OPENCODE_LOG_LEVEL?.toUpperCase()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa25a6ed52d44704 Environment-variable access.
repo/packages/core/src/observability/logging.ts:68
  return process.env.OPENCODE_PRINT_LOGS === "1" ? [fileLogger(), stderrLogger] : [fileLogger()]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b78ca1938a1bd073 Environment-variable access.
repo/packages/core/src/observability/otlp.ts:21
  const value = process.env.OTEL_RESOURCE_ATTRIBUTES

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1ae7fb6ba22b702 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:85
        const profile = typeof options.profile === "string" ? options.profile : process.env.AWS_PROFILE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4057b31163d7cfa4 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:86
        const region = typeof options.region === "string" ? options.region : (process.env.AWS_REGION ?? "us-east-1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38fa2e875c5576a9 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:88
          process.env.AWS_BEARER_TOKEN_BEDROCK ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a0ee7ec9b9546a7 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:90
        if (bearerToken && !process.env.AWS_BEARER_TOKEN_BEDROCK) process.env.AWS_BEARER_TOKEN_BEDROCK = bearerToken

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f37605b493e16cf Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:92
          process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5d68f9b788f317b Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:121
        const region = typeof evt.options.region === "string" ? evt.options.region : process.env.AWS_REGION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0819d4489d9f43a Environment-variable access.
repo/packages/core/src/plugin/provider/azure.ts:23
            typeof configured === "string" && configured.trim() !== "" ? configured : process.env.AZURE_RESOURCE_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99f00f22d405b53e Environment-variable access.
repo/packages/core/src/plugin/provider/azure.ts:63
        const resourceName = process.env.AZURE_COGNITIVE_SERVICES_RESOURCE_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a75b8277ceaab590 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:47
  const accountId = process.env.CLOUDFLARE_ACCOUNT_ID ?? stringOption(options, "accountId")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bc8a80beeab8e34 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:51
    process.env.CLOUDFLARE_GATEWAY_ID ?? stringOption(options, "gatewayId") ?? stringOption(options, "gateway")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10325f20a1885939 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:52
  const apiKey = process.env.CLOUDFLARE_API_TOKEN ?? process.env.CF_AIG_TOKEN ?? stringOption(options, "apiKey")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e3aef6f62e97621 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:50
  return process.env.CLOUDFLARE_ACCOUNT_ID ?? stringOption(options, "accountId")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59d4159f0c5de9c1 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:65
    apiKey: process.env.CLOUDFLARE_API_KEY ?? options.apiKey,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0caa644997aefaab Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:76
  return baseURL.replaceAll("${CLOUDFLARE_ACCOUNT_ID}", process.env.CLOUDFLARE_ACCOUNT_ID ?? "${CLOUDFLARE_ACCOUNT_ID}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f8a945db27908ee Environment-variable access.
repo/packages/core/src/plugin/provider/gitlab.ts:19
              : (process.env.GITLAB_INSTANCE_URL ?? "https://gitlab.com"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f530eefd82d58fc7 Environment-variable access.
repo/packages/core/src/plugin/provider/gitlab.ts:20
          apiKey: typeof evt.options.apiKey === "string" ? evt.options.apiKey : process.env.GITLAB_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55390898e839dd79 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:10
    process.env.GOOGLE_VERTEX_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1466cb18fedaa842 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:11
    process.env.GOOGLE_CLOUD_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4973170d56e727df Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:12
    process.env.GCP_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb11bf89bd419a8b Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:13
    process.env.GCLOUD_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9639ffb13a13453d Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:20
    process.env.GOOGLE_VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #460e32f5e03df7cf Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:21
    process.env.GOOGLE_CLOUD_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ffa2e6bb551d4077 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:22
    process.env.VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4af95d1caeb20284 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:125
            process.env.GOOGLE_CLOUD_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #950e73b4afa216f4 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:126
            process.env.GCP_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1933266883d44182 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:127
            process.env.GCLOUD_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ac654b30cfd84ae Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:130
            process.env.GOOGLE_CLOUD_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc9d4071711fcf86 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:131
            process.env.VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6227ae044c94b7be Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:147
            : (process.env.GOOGLE_CLOUD_PROJECT ?? process.env.GCP_PROJECT ?? process.env.GCLOUD_PROJECT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3fbd1b51ccbe0486 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:151
            : (process.env.GOOGLE_CLOUD_LOCATION ?? process.env.VERTEX_LOCATION ?? "global")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #acafba8098d481e0 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/core/src/plugin/provider/openai.ts:122
                fetch(`${issuer}/api/accounts/deviceauth/token`, {
                  method: "POST",
                  headers: headers("application/json"),
                  body: JSON.stringify({ device_auth_id: device.device_auth_id, user_code: device.user_code }),
                  signal,
                }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #d60ae5dbf668bdc2 Environment-variable access.
repo/packages/core/src/plugin/provider/opencode.ts:167
      const hasKey = Boolean(process.env.OPENCODE_API_KEY || connected || item.provider.request.body.apiKey)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7cb5e96dd368099 Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:15
          process.env.AICORE_SERVICE_KEY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc93fb6560ddbab2 Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:17
        if (serviceKey && !process.env.AICORE_SERVICE_KEY) process.env.AICORE_SERVICE_KEY = serviceKey

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6da62dd3db987c0 Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:34
            ? { deploymentId: process.env.AICORE_DEPLOYMENT_ID, resourceGroup: process.env.AICORE_RESOURCE_GROUP }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #536f5a9c59fbbe44 Environment-variable access.
repo/packages/core/src/plugin/provider/snowflake-cortex.ts:74
          process.env.SNOWFLAKE_CORTEX_TOKEN ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e3801fc0427c03c Environment-variable access.
repo/packages/core/src/plugin/provider/snowflake-cortex.ts:75
          process.env.SNOWFLAKE_CORTEX_PAT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e2accb05ee60ced Environment-variable access.
repo/packages/core/src/repository.ts:169
  const base = process.env.OPENCODE_REPO_CLONE_GITHUB_BASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6125e0cb2ea69bab Filesystem access.
repo/packages/core/src/shell.ts:5
import { readFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06633061aa9ae503 Filesystem access.
repo/packages/core/src/shell.ts:6
import { statSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ab0ebb16c71cf95 Environment-variable access.
repo/packages/core/src/shell.ts:101
      [which("pwsh"), which("powershell"), gitbash(), process.env.COMSPEC || "cmd.exe"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dab47989a2281531 Filesystem access.
repo/packages/core/src/shell.ts:109
  const text = await readFile("/etc/shells", "utf8").catch(() => "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40cbf6fc03659074 Environment-variable access.
repo/packages/core/src/shell.ts:207
  defaultPreferred ??= select(process.env.SHELL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7abc7a9a58051d4c Environment-variable access.
repo/packages/core/src/shell.ts:216
  defaultAcceptable ??= select(process.env.SHELL, { acceptable: true })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e8efea54da5a144 Filesystem access.
repo/packages/core/src/tool/apply-patch.ts:139
                    const source = yield* fs.readFile(target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9481ac0589c84600 Environment-variable access.
repo/packages/core/src/tool/bash.ts:49
const defaultShell = () => (process.platform === "win32" ? (process.env.COMSPEC ?? "cmd.exe") : "/bin/sh")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41c8cc4143678b80 Filesystem access.
repo/packages/core/src/tool/edit.ts:161
                const source = decodeUtf8(yield* unableToEdit(fs.readFile(target.canonical)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97ba1dd3e2759238 Environment-variable access.
repo/packages/core/src/tool/websearch.ts:76
      process.env.OPENCODE_WEBSEARCH_PROVIDER === "exa" || process.env.OPENCODE_WEBSEARCH_PROVIDER === "parallel"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a8884a387bfd08d Environment-variable access.
repo/packages/core/src/tool/websearch.ts:77
        ? process.env.OPENCODE_WEBSEARCH_PROVIDER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4827901b2652d03b Environment-variable access.
repo/packages/core/src/tool/websearch.ts:81
    exaApiKey: process.env.EXA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4ebf2ca8aa37955 Environment-variable access.
repo/packages/core/src/tool/websearch.ts:82
    parallelApiKey: process.env.PARALLEL_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #20143064d6f50ba9 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/core/src/tool/websearch.ts:147
  const url = new URL(EXA_URL)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #57fc202c833b76be Filesystem access.
repo/packages/core/src/util/flock.ts:4
import { mkdir, readFile, rm, stat, utimes, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e75a2c844056a0c5 Environment-variable access.
repo/packages/core/src/util/which.ts:6
  const base = env?.PATH ?? env?.Path ?? process.env.PATH ?? process.env.Path ?? ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f7c020221e903b1 Environment-variable access.
repo/packages/core/src/util/which.ts:11
    pathExt: env?.PATHEXT ?? env?.PathExt ?? process.env.PATHEXT ?? process.env.PathExt,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/ui

npm first-party
high pii_flow production #2471af27df2ac117 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:49 · flow /tmp/closeopen-fgzlg05n/repo/packages/ui/vite.config.ts:48 → /tmp/closeopen-fgzlg05n/repo/packages/ui/vite.config.ts:49
  const providers = await fetch(`${url}/api.json`)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #27514cbe787bb748 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ui/vite.config.ts:54 · flow /tmp/closeopen-fgzlg05n/repo/packages/ui/vite.config.ts:48 → /tmp/closeopen-fgzlg05n/repo/packages/ui/vite.config.ts:54
      fetch(`${url}/logos/${provider}.svg`)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 3 low-confidence finding(s)
low env_fs production #e34ccd9602517da7 Filesystem access.
repo/packages/ui/vite.config.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1e486c844ac86fe Environment-variable access.
repo/packages/ui/vite.config.ts:48
  const url = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0de706763f9ae7f Filesystem access.
repo/packages/ui/vite.config.ts:56
        .then((svg) => fs.writeFileSync(`./src/assets/icons/provider/${provider}.svg`, svg)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/cli

npm first-party
high pii_flow production #d81f33d9ecbf4e03 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/cli/script/generate.ts:5 · flow /tmp/closeopen-fgzlg05n/repo/packages/cli/script/generate.ts:1 → /tmp/closeopen-fgzlg05n/repo/packages/cli/script/generate.ts:5
  : await fetch(`${modelsUrl}/api.json`).then((response) => response.text())

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 8 low-confidence finding(s)
low env_fs production #32b7ad3d238bcb5c Filesystem access.
repo/packages/cli/bin/lildax.cjs:4
const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c4d98c37f07d75d Environment-variable access.
repo/packages/cli/bin/lildax.cjs:32
const envPath = process.env.OPENCODE_BIN_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6111498c8ab1e85 Filesystem access.
repo/packages/cli/bin/lildax.cjs:44
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d99b8b75da2de3e3 Filesystem access.
repo/packages/cli/script/build.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #279c8fa4e566072f Filesystem access.
repo/packages/cli/script/build.ts:5
import { rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5afbef1dd27d00b Environment-variable access.
repo/packages/cli/script/generate.ts:1
const modelsUrl = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a4e3ab45ea9319a Environment-variable access.
repo/packages/cli/script/generate.ts:3
export const modelsData = process.env.MODELS_DEV_API_JSON

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75028ca63a82ded2 Environment-variable access.
repo/packages/cli/script/generate.ts:4
  ? await Bun.file(process.env.MODELS_DEV_API_JSON).text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/stats/app

npm first-party
high pii_flow production #177e56c51bac197b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/stats/app/src/routes/api/newsletter.ts:17 · flow /tmp/closeopen-fgzlg05n/repo/packages/stats/app/src/routes/api/newsletter.ts:20 → /tmp/closeopen-fgzlg05n/repo/packages/stats/app/src/routes/api/newsletter.ts:17
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress.trim(),
    }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 1 low-confidence finding(s)
low egress production #1185d8a29514cf12 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/stats/app/src/routes/api/newsletter.ts:17
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress.trim(),
    }),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/app

npm first-party
medium telemetry production #e460fefed1a7877d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/app.tsx:2
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #efe037f03cb820ef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/entry.tsx:3
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3b59c02c6f63c431 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/pages/error.tsx:2
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #02216aa397d5c318 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/vite.config.ts:1
import { sentryVitePlugin } from "@sentry/vite-plugin"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 68 low-confidence finding(s)
low env_fs production #28145582efe8ecd0 Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:32
          runID: process.env.OPENCODE_PERFORMANCE_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a445be08fe6a1e21 Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:125
      runID: process.env.OPENCODE_PERFORMANCE_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0beea3f36979b42 Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:133
        selectorTrace: process.env.OPENCODE_PERFORMANCE_SELECTOR_TRACE === "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5720daefc2b6a79 Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:22
  const directory = process.env.OPENCODE_PERFORMANCE_TRACE_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69a36915c77c9fab Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:25
  const selectors = process.env.OPENCODE_PERFORMANCE_SELECTOR_TRACE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76e256ab4ebbd632 Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:76
  const run = process.env.OPENCODE_PERFORMANCE_RUN_ID ?? "manual"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca7b7fb9f70b91b6 Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:3
const port = Number(process.env.PLAYWRIGHT_PORT ?? 3000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca655176bbfba7cd Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:4
process.env.PLAYWRIGHT_SERVER_PORT = String(port)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8417d2f8850a5192 Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:5
process.env.OPENCODE_PERFORMANCE_RUN_ID ??= `${new Date().toISOString().replace(/[:.]/g, "-")}-${process.pid}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e5867ac71b8273f Environment-variable access.
repo/packages/app/e2e/performance/timeline-stability/fixture.ts:113
    server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f028ad4d2f439b70 Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:10
const completionTimeoutMs = Number(process.env.REVIEW_PANE_COMPLETION_TIMEOUT_MS ?? 900_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0562b58edbe54113 Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:44
        const patchByteLimit = Number(process.env.REVIEW_PANE_PATCH_BYTE_LIMIT ?? Number.POSITIVE_INFINITY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e97f3acee48467a0 Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:46
          throw new Error(`Invalid REVIEW_PANE_PATCH_BYTE_LIMIT: ${process.env.REVIEW_PANE_PATCH_BYTE_LIMIT}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e30497fab688ad19 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-parent-hydration-benchmark.spec.ts:11
const mode = process.env.SESSION_PARENT_HYDRATION_BENCHMARK_MODE ?? "natural"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15b8909220c7a1aa Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-tab-switch-benchmark.spec.ts:33
    const runs = Number(process.env.SESSION_TAB_SWITCH_RUNS ?? 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb5a351111dad557 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:43
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14ecca51944ad06b Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:49
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68e3db4c03720dcb Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:55
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2466fc713ab37bcc Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:61
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7310b87a54444d5 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:70
    const historyTurns = Number(process.env.REVIEW_PANE_HISTORY_TURNS ?? 72)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #058473341c7ca076 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:103
  const completionTimeoutMs = Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a4d685779682793 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:104
  const cpuThrottle = Number(process.env.TIMELINE_CPU_THROTTLE ?? 30)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21540b0037bbcb03 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:105
  const deltaCount = Number(process.env.TIMELINE_DELTA_COUNT ?? 160)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3a3be4299eec12b Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:106
  const historyTurns = Number(process.env.TIMELINE_HISTORY_TURNS ?? 320)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #680ea0c3ad82ce16 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:107
  const eventBatch = Number(process.env.TIMELINE_EVENT_BATCH ?? 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e30683f68267ccfa Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:108
  const minimal = process.env.TIMELINE_MINIMAL === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8e2504237b1041d Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:109
  const profileCPU = process.env.TIMELINE_CPU_PROFILE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a96b7dee151decd Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:110
  const profileVisual = !minimal && profileCPU && process.env.TIMELINE_VISUAL_PROFILE !== "0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0f637c88f5fd308 Environment-variable access.
repo/packages/app/e2e/performance/timeline/timeline-test-helpers.ts:83
  return `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2283d06a08f9efe0 Environment-variable access.
repo/packages/app/e2e/performance/timeline/timeline-test-helpers.ts:87
  return Array.from({ length: Number(process.env.REVIEW_PANE_DIFF_COUNT ?? 72) }, (_, index) => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c4e1abbda2b5c50 Environment-variable access.
repo/packages/app/e2e/regression/file-browser-sidebar-tab-switch.spec.ts:10
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b10fb5c95791344 Environment-variable access.
repo/packages/app/e2e/regression/legacy-new-session.spec.ts:7
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2feac565d8667ba Environment-variable access.
repo/packages/app/e2e/regression/new-session-panel-corner.spec.ts:7
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51217d8e18e2ce60 Environment-variable access.
repo/packages/app/e2e/regression/review-open-file.spec.ts:10
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ce231c20d105133 Environment-variable access.
repo/packages/app/e2e/regression/review-state-persistence.spec.ts:12
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #492b441347952001 Environment-variable access.
repo/packages/app/e2e/regression/review-tab-switch.spec.ts:12
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24325573fc71a012 Environment-variable access.
repo/packages/app/e2e/regression/session-request-docks.spec.ts:106
    server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c39fb2a2bd5f335 Environment-variable access.
repo/packages/app/e2e/regression/session-timeline-history-root.spec.ts:56
      server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c2a8f3914010c1e Environment-variable access.
repo/packages/app/e2e/regression/session-todo-dock-navigation.spec.ts:136
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce8096ee969ac8a2 Environment-variable access.
repo/packages/app/e2e/regression/session-todo-dock-navigation.spec.ts:157
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78217546f21b8072 Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:78
    (url) => url.pathname === "/session" && url.port === (process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #630288932cdd1d84 Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:180
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7e68cf21e302fb2 Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:198
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aef4ca64ef5c7a94 Environment-variable access.
repo/packages/app/e2e/regression/terminal-tab-switch.spec.ts:13
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce01ae82d2f48b1d Environment-variable access.
repo/packages/app/e2e/utils/mock-server.ts:50
    const targetPort = process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb00af9ef456d281 Environment-variable access.
repo/packages/app/e2e/utils/mock-server.ts:52
      process.env.PLAYWRIGHT_BASE_URL ?? `http://127.0.0.1:${process.env.PLAYWRIGHT_PORT ?? "3000"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5cdf50f2a4af05c6 Environment-variable access.
repo/packages/app/e2e/utils/visual-stability/capture.ts:13
  if (process.env.OPENCODE_STABILITY_CAPTURE !== "1") return

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3520a09d5ff84d40 Filesystem access.
repo/packages/app/e2e/utils/visual-stability/reporter.ts:19
  await writeFile(tracePath, JSON.stringify(trace, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dda07c36d9d827c5 Filesystem access.
repo/packages/app/e2e/utils/visual-stability/reporter.ts:20
  await writeFile(
    issuesPath,
    JSON.stringify({ issues, markers: result.markers, capturedFrameCount: result.frames.length }, null, 2),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42de2e7e4b3e227b Environment-variable access.
repo/packages/app/playwright.config.ts:3
const port = Number(process.env.PLAYWRIGHT_PORT ?? 3000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #617fa9b761200dfd Environment-variable access.
repo/packages/app/playwright.config.ts:4
const baseURL = process.env.PLAYWRIGHT_BASE_URL ?? `http://127.0.0.1:${port}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #343c5ff83a6839a4 Environment-variable access.
repo/packages/app/playwright.config.ts:5
const serverHost = process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16f27245ae9db8ea Environment-variable access.
repo/packages/app/playwright.config.ts:6
const serverPort = process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3805deed9ad80886 Environment-variable access.
repo/packages/app/playwright.config.ts:8
const reuse = !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #741ca2be716d6d8a Environment-variable access.
repo/packages/app/playwright.config.ts:9
const workers = Number(process.env.PLAYWRIGHT_WORKERS ?? (process.env.CI ? 5 : 0)) || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83b20b7b377c53b4 Environment-variable access.
repo/packages/app/playwright.config.ts:12
  testIgnore: process.env.OPENCODE_PERFORMANCE === "1" ? "performance/**/*.test.ts" : "performance/**",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e2eae71cf1e9639 Environment-variable access.
repo/packages/app/playwright.config.ts:18
  fullyParallel: process.env.PLAYWRIGHT_FULLY_PARALLEL === "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6fb283d1e7bde71 Environment-variable access.
repo/packages/app/playwright.config.ts:19
  forbidOnly: !!process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3134a5b38ec3394 Environment-variable access.
repo/packages/app/playwright.config.ts:20
  retries: process.env.CI ? 2 : 0,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4593e4b94ccf58a Environment-variable access.
repo/packages/app/src/i18n/parity.test.ts:45
describe.skipIf(!!process.env.CI)("i18n parity", () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #621567697937f408 Environment-variable access.
repo/packages/app/vite.config.ts:6
  process.env.SENTRY_AUTH_TOKEN && process.env.SENTRY_ORG && process.env.SENTRY_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97d5fa41eb70246d Environment-variable access.
repo/packages/app/vite.config.ts:8
        authToken: process.env.SENTRY_AUTH_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a34a6a5394dc783 Environment-variable access.
repo/packages/app/vite.config.ts:9
        org: process.env.SENTRY_ORG,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8770c7f51e3a02ed Environment-variable access.
repo/packages/app/vite.config.ts:10
        project: process.env.SENTRY_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69885b4574bf58d6 Environment-variable access.
repo/packages/app/vite.config.ts:13
          name: process.env.SENTRY_RELEASE ?? process.env.VITE_SENTRY_RELEASE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77d8b9fa205e57bd Environment-variable access.
repo/packages/app/vite.js:9
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ddbdf982522350b Environment-variable access.
repo/packages/app/vite.js:11
  if (process.env.OPENCODE_CHANNEL === "latest") return "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4b498119abd62cb Filesystem access.
repo/packages/app/vite.js:42
        `<script id="oc-theme-preload-script">${readFileSync(theme, "utf8")}</script>`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/session-ui

npm first-party
medium telemetry production #24af5795b22219e4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/session-ui/src/components/file.tsx:231
    if (bridge.track(event.buttons, hit.line)) return

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 1 low-confidence finding(s)
low env_fs production #960e4d3cc5208067 Filesystem access.
repo/packages/session-ui/src/components/file-media.tsx:104
    void input.readFile(input.path).then(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/enterprise

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #131aaf5abdda779e Environment-variable access.
repo/packages/enterprise/vite.config.ts:7
  const target = process.env.OPENCODE_DEPLOYMENT_TARGET

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5a118cf864ec3de Environment-variable access.
repo/packages/enterprise/vite.config.ts:26
      baseURL: process.env.OPENCODE_BASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/function

npm first-party
expand_more 1 low-confidence finding(s)
low egress production #af4065de4875f015 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/function/src/api.ts:271
    const JWKS = createRemoteJWKSet(new URL(JWKS_URL))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/http-recorder

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #fdeb604064827843 Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:16
    await writeFile(
      path.join(directory, "package.json"),
      JSON.stringify({ name: "http-recorder-consumer", private: true, type: "module" }),
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #709d260261c6dea1 Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:20
    await writeFile(
      path.join(directory, "consumer.ts"),
      `import { HttpRecorder } from "@opencode-ai/http-recorder"
import { NodeSocket } from "@effect/platform-node"
import { Layer } from "effect"
import { HttpClient } from "effect/unstable/http"
import { Socket } from "effect/unstable/socket"

const options: HttpRecorder.RecorderOptions = { redact: { jsonFields: ["access_token"] } }
HttpRecorder.http("consumer", options) satisfies Layer.Layer<HttpClient.HttpClient>
HttpRecorder.socket("consumer/socket", options).pipe(
  Layer.provide(NodeSocket.layerWebSocket("wss://example.test")),
) satisfies Layer.Layer<Socket.Socket>
`,
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7235743d5df67d2 Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:35
    await writeFile(
      path.join(directory, "tsconfig.json"),
      JSON.stringify({
        compilerOptions: {
          target: "ES2022",
          module: "NodeNext",
          moduleResolution: "NodeNext",
          strict: true,
          noEmit: true,
          // Required by [email protected]: its schema.d.ts references an undeclared SchemaErrorTypeId.
          skipLibCheck: true,
          lib: ["ES2022", "DOM", "ESNext.Disposable"],
        },
        include: ["consumer.ts"],
      }),
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87c82fa71503e760 Environment-variable access.
repo/packages/http-recorder/src/recorder.ts:7
  const value = process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/llm

npm first-party
expand_more 3 low-confidence finding(s)
low egress production #7f13e1b242c1db34 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/llm/script/recording-cost-report.ts:219
const models = (await (await fetch(MODELS_DEV_URL)).json()) as JsonRecord

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a14b1ee25977092a Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/llm/script/setup-recording-env.ts:44
      HttpClientRequest.get("https://api.anthropic.com/v1/models").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #5b7e293c06400e2a Environment-variable access.
repo/packages/llm/script/setup-recording-env.ts:290
  if (process.env[name]) return "shell"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/script

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs production #7d59fa1ac3b1e820 Environment-variable access.
repo/packages/script/src/index.ts:21
  OPENCODE_CHANNEL: process.env["OPENCODE_CHANNEL"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9ffa470b5e2d397 Environment-variable access.
repo/packages/script/src/index.ts:22
  OPENCODE_BUMP: process.env["OPENCODE_BUMP"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a079f3e592d98e0 Environment-variable access.
repo/packages/script/src/index.ts:23
  OPENCODE_VERSION: process.env["OPENCODE_VERSION"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28a6fcc2c4658b3e Environment-variable access.
repo/packages/script/src/index.ts:24
  OPENCODE_RELEASE: process.env["OPENCODE_RELEASE"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #39f3995a0527f942 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/script/src/index.ts:37
  const version = await fetch("https://registry.npmjs.org/opencode-ai/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/server

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #470843c35e788501 Environment-variable access.
repo/packages/server/src/auth.ts:53
  const password = credentials?.password ?? process.env.OPENCODE_SERVER_PASSWORD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e72ba9473351e24 Environment-variable access.
repo/packages/server/src/auth.ts:56
  return `Basic ${Buffer.from(`${credentials?.username ?? process.env.OPENCODE_SERVER_USERNAME ?? "opencode"}:${password}`).toString("base64")}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/slack

npm first-party
expand_more 6 low-confidence finding(s)
low env_fs production #1930a2b97bc16b66 Environment-variable access.
repo/packages/slack/src/index.ts:5
  token: process.env.SLACK_BOT_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #140198d85829caa7 Environment-variable access.
repo/packages/slack/src/index.ts:6
  signingSecret: process.env.SLACK_SIGNING_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49873cf45e3b6dd8 Environment-variable access.
repo/packages/slack/src/index.ts:8
  appToken: process.env.SLACK_APP_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6d9850bcb226a96 Environment-variable access.
repo/packages/slack/src/index.ts:12
console.log("- Bot token present:", !!process.env.SLACK_BOT_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43f2c7938062ee97 Environment-variable access.
repo/packages/slack/src/index.ts:13
console.log("- Signing secret present:", !!process.env.SLACK_SIGNING_SECRET)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a57584b3654049d4 Environment-variable access.
repo/packages/slack/src/index.ts:14
console.log("- App token present:", !!process.env.SLACK_APP_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/stats/core

npm first-party
expand_more 10 low-confidence finding(s)
low env_fs production #d7fa73759a377baa Environment-variable access.
repo/packages/stats/core/src/domain/home.ts:282
  return process.env.DATABASE_URL ?? Resource.StatsDatabase.url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6dcdbf7284d3c011 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:32
    process.env.PLANETSCALE_HOST &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ca1f4b8427f57a8 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:33
    process.env.PLANETSCALE_USERNAME &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01baed4701b1e75c Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:34
    process.env.PLANETSCALE_PASSWORD &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ec4f47daecfddd2 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:35
    process.env.PLANETSCALE_DATABASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a21de91645938616 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:37
    return `mysql://${encodeURIComponent(process.env.PLANETSCALE_USERNAME)}:${encodeURIComponent(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11bb0c5bc2b0b0bc Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:38
      process.env.PLANETSCALE_PASSWORD,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99f5829d3660f4bb Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:39
    )}@${process.env.PLANETSCALE_HOST}/${process.env.PLANETSCALE_DATABASE}?ssl=${encodeURIComponent(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57ebc58f6873cd15 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:43
  return process.env.DATABASE_URL ?? Resource.StatsDatabase.url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8feafef7598d8a3 Environment-variable access.
repo/packages/stats/core/src/honeycomb-backfill.ts:944
    databaseUrl: flags.get("database-url")?.[0] ?? process.env.DATABASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/storybook

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #cd9f8f4b5b95ad87 Filesystem access.
repo/packages/storybook/.storybook/playground-css-plugin.ts:117
              const content = fs.readFileSync(abs, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c01a8a053a0bbd3 Filesystem access.
repo/packages/storybook/.storybook/playground-css-plugin.ts:122
                fs.writeFileSync(abs, applied.content, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/tui

npm first-party
expand_more 27 low-confidence finding(s)
low env_fs production #1f441e648188f629 Environment-variable access.
repo/packages/tui/src/app.tsx:267
                        multiplexer: process.env.TMUX ? "tmux" : process.env.STY ? "screen" : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d516e4ce008a85e Environment-variable access.
repo/packages/tui/src/app.tsx:268
                        displayServer: process.env.WAYLAND_DISPLAY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7811af335593edd4 Environment-variable access.
repo/packages/tui/src/app.tsx:270
                          : process.env.DISPLAY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e13912c27e2a29ed Environment-variable access.
repo/packages/tui/src/app.tsx:277
                          initialRoute: process.env.OPENCODE_ROUTE ? JSON.parse(process.env.OPENCODE_ROUTE) : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #046747a7e6630959 Environment-variable access.
repo/packages/tui/src/app.tsx:278
                          skipInitialLoading: Boolean(process.env.OPENCODE_FAST_BOOT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a15c1ffb53814b34 Filesystem access.
repo/packages/tui/src/audio.ts:28
  const task = readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb4c19f56b3181be Environment-variable access.
repo/packages/tui/src/clipboard.ts:26
  process.stdout.write(process.env.TMUX || process.env.STY ? `\x1bPtmux;\x1b${sequence}\x1b\\` : sequence)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e6639626c9412ff Filesystem access.
repo/packages/tui/src/clipboard.ts:45
      return { data: (await readFile(file)).toString("base64"), mime: "image/png" }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ac6edb8959ccfb0 Environment-variable access.
repo/packages/tui/src/clipboard.ts:101
    const native = copyCommand(platform(), Boolean(process.env.WAYLAND_DISPLAY), (name) => Boolean(which(name)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #ede8efee776d856d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/tui/src/component/error-component.tsx:207
  const url = new URL("https://github.com/anomalyco/opencode/issues/new?template=bug-report.yml")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #0062881278f351cd Filesystem access.
repo/packages/tui/src/component/prompt/local-attachment.ts:17
      readText: (value) => readFile(value, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #954b970a2dece450 Filesystem access.
repo/packages/tui/src/component/prompt/local-attachment.ts:18
      readBytes: (value) => readFile(value),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #978b805543eb51cf Environment-variable access.
repo/packages/tui/src/context/editor.ts:117
    const value = process.env.CLAUDE_CODE_SSE_PORT || process.env.OPENCODE_EDITOR_SSE_PORT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f30b5f914cb38425 Environment-variable access.
repo/packages/tui/src/context/editor.ts:121
    const zedTerminal = process.env.ZED_TERM === "true" || process.env.TERM_PROGRAM?.toLowerCase() === "zed"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c616ae67fca17baa Filesystem access.
repo/packages/tui/src/context/theme.tsx:57
      result[path.basename(file, ".json")] = JSON.parse(await readFile(file, "utf8")) as unknown

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6dd390bf465e0203 Filesystem access.
repo/packages/tui/src/editor-zed.ts:67
      : await readFileAsync(row.buffer_path, "utf8").catch(() => undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94a72b2db546c17b Environment-variable access.
repo/packages/tui/src/editor-zed.ts:189
    process.env.OPENCODE_ZED_DB,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #511492c47100012e Environment-variable access.
repo/packages/tui/src/editor-zed.ts:198
  return process.env.ZED_TERM === "true" || process.env.TERM_PROGRAM?.toLowerCase() === "zed"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f181836cff07252a Environment-variable access.
repo/packages/tui/src/editor.ts:27
  const editor = process.env.VISUAL || process.env.EDITOR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #798f4465d62e0571 Filesystem access.
repo/packages/tui/src/editor.ts:30
  await writeFile(file, input.value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0196f297ef39a507 Filesystem access.
repo/packages/tui/src/editor.ts:47
    return (await readFile(file, "utf8")) || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0154318e614d78c5 Filesystem access.
repo/packages/tui/src/editor.ts:71
          const value = JSON.parse(readFileSync(file, "utf8")) as Record<string, unknown>

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d36e93319e1e187 Filesystem access.
repo/packages/tui/src/routes/session/index.tsx:183
    await writeFile(file, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ed21341ca940ff0 Filesystem access.
repo/packages/tui/src/util/persistence.ts:2
import { appendFile, mkdir, rename, rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c586b48f5b936874 Environment-variable access.
repo/packages/tui/src/util/system.ts:16
  const program = process.env.TERM_PROGRAM || process.env.TERM || "unknown"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8d95c1d17547341 Environment-variable access.
repo/packages/tui/src/util/system.ts:17
  const version = process.env.TERM_PROGRAM_VERSION ? ` ${process.env.TERM_PROGRAM_VERSION}` : ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87030c0ffbbfb3c5 Environment-variable access.
repo/packages/tui/src/util/system.ts:18
  const multiplexer = process.env.TMUX ? " in tmux" : process.env.STY ? " in screen" : ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/web

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #4cebc264452f5fd4 Environment-variable access.
repo/packages/web/config.mjs:1
const stage = process.env.SST_STAGE || "dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

ai-gateway-provider

npm dependency
high pii_flow dependency Excluded from app score #8747138e70271c79 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]__reposrc/demos/mcp-stytch-b2b-okr-manager/update-policy.js:151 · flow /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]__reposrc/demos/mcp-stytch-b2b-okr-manager/update-policy.js:145 → /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]__reposrc/demos/mcp-stytch-b2b-okr-manager/update-policy.js:151
		const response = await fetch(rbac_url, {
			body: JSON.stringify(body),
			headers,
			method: "PUT",
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #31e0ada42d23531a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]__reposrc/demos/mcp-stytch-consumer-todo-list/api/TodoService.ts:27 · flow /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]__reposrc/demos/mcp-stytch-consumer-todo-list/api/TodoService.ts:27 → /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]__reposrc/demos/mcp-stytch-consumer-todo-list/api/TodoService.ts:27
		await this.env.TODOS.put(this.userID, JSON.stringify(sorted));

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #2ab00d902ebea49f User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:23 · flow /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:26 → /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:23
				const response = await fetch(`${this.env.API_BASE_URL}/api/todos`, {
					headers: {
						// The Auth0 Access Token is available in props.tokenSet and can be used to call the Upstream API (Todos API).
						Authorization: `Bearer ${this.props!.tokenSet.accessToken}`,
					},
				});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #2f4182e725f9e67c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:54 · flow /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:56 → /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:54
				const response = await fetch(`${this.env.API_BASE_URL}/api/billing`, {
					headers: {
						Authorization: `Bearer ${this.props!.tokenSet.accessToken}`,
					},
				});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #f721853925511177 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/create-fetcher.ts:255 · flow /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/create-fetcher.ts:244 → /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/create-fetcher.ts:255
		return fetch(
			`https://gateway.ai.cloudflare.com/v1/${config.accountId}/${config.gatewayId}`,
			{
				...init,
				headers: {
					"Content-Type": "application/json",
					...headers,
					...cacheHeaders,
					...(config.cfApiKey
						? { "cf-aig-authorization": `Bearer ${config.cfApiKey}` }
						: {}),
				},
				body: JSON.stringify(request),
			},
		);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #04b6ee295671ae3c User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:31 · flow /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:34 → /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:31
	const response = await fetch(`${WORKERS_AI_REST_BASE}/${config.accountId}/ai/run/${model}`, {
		method: "POST",
		headers: {
			Authorization: `Bearer ${config.apiKey}`,
			"Content-Type": "application/json",
		},
		body: JSON.stringify(body),
		signal: options?.signal,
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #769e71f8c5e75207 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:71 · flow /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:74 → /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:71
	const response = await fetch(`${WORKERS_AI_REST_BASE}/${config.accountId}/ai/run/${model}`, {
		method: "POST",
		headers: {
			Authorization: `Bearer ${config.apiKey}`,
			"Content-Type": contentType,
		},
		body: audioBytes,
		signal: options?.signal,
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow dependency Excluded from app score #0ec3fa0ef0e301d6 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]__reposrc/packages/workers-ai-provider/src/utils.ts:240 · flow /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]__reposrc/packages/workers-ai-provider/src/utils.ts:243 → /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]__reposrc/packages/workers-ai-provider/src/utils.ts:240
	const response = await fetch(url, {
		method: "POST",
		headers: {
			Authorization: `Bearer ${config.apiKey}`,
			"Content-Type": contentType,
		},
		body: audioBytes,
		signal,
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 19 low-confidence finding(s)
low egress dependency Excluded from app score #1d2ef064ed4b20a6 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/demos/mcp-slack-oauth/src/slack-handler.ts:210
	const response = await fetch("https://slack.com/api/oauth.v2.access", {
		body: new URLSearchParams({
			client_id: c.env.SLACK_CLIENT_ID,
			client_secret: c.env.SLACK_CLIENT_SECRET,
			code,
			redirect_uri: new URL("/callback", c.req.url).href,
		}).toString(),
		headers: {
			"Content-Type": "application/x-www-form-urlencoded",
		},
		method: "POST",
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #01f9303b9d0c8555 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/demos/mcp-slack-oauth/src/slack-handler.ts:289
	const response = await fetch("https://slack.com/api/oauth.v2.access", {
		body: new URLSearchParams({
			client_id: env.SLACK_CLIENT_ID,
			client_secret: env.SLACK_CLIENT_SECRET,
			grant_type: "refresh_token",
			refresh_token,
		}).toString(),
		headers: {
			"Content-Type": "application/x-www-form-urlencoded",
		},
		method: "POST",
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7e8053fdf98d6827 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/demos/model-scraper/src/index.ts:178
		const response = await fetch(apiUrl, {
			method: "GET",
			headers: {
				"Content-Type": "application/json",
				Authorization: `Bearer ${token}`,
				Accept: "application/vnd.github+json",
				"User-Agent": "model-scraper",
				"X-GitHub-Api-Version": "2022-11-28",
			},
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2b4a2312b421681b Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/demos/remote-mcp-google-oauth/src/google-handler.ts:181
	const userResponse = await fetch("https://www.googleapis.com/oauth2/v2/userinfo", {
		headers: {
			Authorization: `Bearer ${accessToken}`,
		},
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8e6620f1a7d90d31 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/demos/remote-mcp-server-descope-auth/src/descope-utils.ts:20
	const upstream = new URL("https://api.descope.com/oauth2/v1/apps/authorize");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #58ad0078a751cc1a Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/demos/remote-mcp-server-descope-auth/src/descope-utils.ts:54
	const resp = await fetch("https://api.descope.com/oauth2/v1/apps/token", {
		body: JSON.stringify({
			code,
			grant_type: "authorization_code",
			redirect_uri,
		}),
		headers: {
			Authorization: `Bearer ${project_id}:${management_key}`,
			"Content-Type": "application/json",
		},
		method: "POST",
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e40395d15634a5c2 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/demos/remote-mcp-server-descope-auth/src/descope-utils.ts:89
	const resp = await fetch("https://api.descope.com/oauth2/v1/apps/userinfo", {
		headers: {
			Authorization: `Bearer ${accessToken}`,
		},
		method: "GET",
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #1ef29882a2a3c079 Environment-variable access.
pkgs/npm/[email protected]__reposrc/demos/structured-output-node/src/index.ts:5
if (!process.env.CLOUDFLARE_API_TOKEN) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2c32bb6d8204572 Environment-variable access.
pkgs/npm/[email protected]__reposrc/demos/structured-output-node/src/index.ts:9
if (!process.env.CLOUDFLARE_ACCOUNT_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0f3b3c133f30df9 Environment-variable access.
pkgs/npm/[email protected]__reposrc/demos/structured-output-node/src/index.ts:14
	accountId: process.env.CLOUDFLARE_ACCOUNT_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d80df661e14d24b Environment-variable access.
pkgs/npm/[email protected]__reposrc/demos/structured-output-node/src/index.ts:15
	apiKey: process.env.CLOUDFLARE_API_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c5527854973ff78c Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/aicli/src/npm.ts:69
		const cfg = Config.parse(JSON.parse(await fs.readFile(this.configPath, "utf8")));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #006b0477c8c9d35d Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/aicli/src/npm.ts:76
		await fs.writeFile(
			this.configPath,
			JSON.stringify(
				Config.parse({
					demos: this.demos,
				} satisfies Config),
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #993a45ed8569161c Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/create-demo/utils.ts:34
					const templateContent = await fs.readFile(srcPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #13a05c3a03841476 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/create-demo/utils.ts:37
					await fs.writeFile(destPath, compiledContent, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #33610072cb0b42b6 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/create-demo/utils.ts:58
			const templateContent = await fs.readFile(src, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #102b65d1351a2579 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/create-demo/utils.ts:61
			await fs.writeFile(destPath, compiledContent, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a05ecca1a9e2d2a0 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/create-demo/utils.ts:75
	const fileContents = await fs.readFile(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #147955c345d75d2d Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/create-demo/utils.ts:91
	await fs.writeFile(filePath, jsonData, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@modelcontextprotocol/sdk

npm dependency
high pii_flow tooling Excluded from app score unknown #92583a86157e16f9 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:245 · flow /tmp/closeopen-fgzlg05n/pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:215 → /tmp/closeopen-fgzlg05n/pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:245
        const response = await fetch(endpoint, {
            method: 'POST',
            headers: {
                'Content-Type': 'application/x-www-form-urlencoded'
            },
            body: new URLSearchParams({
                token: token
            }).toString()
        });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow tooling Excluded from app score unknown #9b269b1fa26cf1a1 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:643 · flow /tmp/closeopen-fgzlg05n/pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:621 → /tmp/closeopen-fgzlg05n/pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:643
            const response = await fetch(endpoint, {
                method: 'POST',
                headers: {
                    'Content-Type': 'application/x-www-form-urlencoded'
                },
                body: new URLSearchParams({
                    token: token
                }).toString()
            });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 18 low-confidence finding(s)
low egress tooling Excluded from app score unknown #444e822695453d6a Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/scripts/fetch-spec-types.ts:16
    const response = await fetch(url);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unknown #232f42af6bc13a4e Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/fetch-spec-types.ts:77
        writeFileSync(outputPath, fullContent, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbcb60a48ef7060b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/client/stdio.ts:71
        const value = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #81ca20e5585076cb Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleClientCredentials.ts:26
const DEFAULT_SERVER_URL = process.env.MCP_SERVER_URL || 'http://localhost:3000/mcp';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3b64b218398f055a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleClientCredentials.ts:29
    const clientId = process.env.MCP_CLIENT_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #718bc211c6b1e839 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleClientCredentials.ts:36
    const privateKeyPem = process.env.MCP_CLIENT_PRIVATE_KEY_PEM;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #aab13329d6fd4fd7 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleClientCredentials.ts:38
        const algorithm = process.env.MCP_CLIENT_ALGORITHM || 'RS256';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #2c266877ee2e0631 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleClientCredentials.ts:48
    const clientSecret = process.env.MCP_CLIENT_SECRET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c9d8eb14137532b6 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationFormExample.ts:350
    const PORT = process.env.PORT ? parseInt(process.env.PORT, 10) : 3000;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1bb92bf68561f5d6 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:215
const MCP_PORT = process.env.MCP_PORT ? parseInt(process.env.MCP_PORT, 10) : 3000;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #2528343187989d17 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:216
const AUTH_PORT = process.env.MCP_AUTH_PORT ? parseInt(process.env.MCP_AUTH_PORT, 10) : 3001;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow tooling Excluded from app score unknown #d33700edfc87deaf User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration. Same-origin destination — not external exfiltration.
pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:681 · flow /tmp/closeopen-fgzlg05n/pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:215 → /tmp/closeopen-fgzlg05n/pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:681
app.post('/mcp', authMiddleware, mcpPostHandler);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

low env_fs tooling Excluded from app score unknown #837b25d2431e41f4 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/honoWebStandardStreamableHttp.ts:69
const PORT = process.env.MCP_PORT ? parseInt(process.env.MCP_PORT, 10) : 3000;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #87fbf9ac60f248a9 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:621
const MCP_PORT = process.env.MCP_PORT ? parseInt(process.env.MCP_PORT, 10) : 3000;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8247b3ac6bcebf55 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:622
const AUTH_PORT = process.env.MCP_AUTH_PORT ? parseInt(process.env.MCP_AUTH_PORT, 10) : 3001;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow tooling Excluded from app score unknown #3886731fea4dcb50 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration. Same-origin destination — not external exfiltration.
pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:778 · flow /tmp/closeopen-fgzlg05n/pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:621 → /tmp/closeopen-fgzlg05n/pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:778
    app.post('/mcp', authMiddleware, mcpPostHandler);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

low env_fs tooling Excluded from app score unknown #7622844f0b510435 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleTaskInteractive.ts:448
const PORT = process.env.PORT ? parseInt(process.env.PORT, 10) : 8000;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dedf43494cfda760 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/server/auth/router.ts:12
    process.env.MCP_DANGEROUSLY_ALLOW_INSECURE_ISSUER_URL === 'true' || process.env.MCP_DANGEROUSLY_ALLOW_INSECURE_ISSUER_URL === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@openauthjs/openauth

npm dependency
high pii_flow dependency Excluded from app score #09db980a25a28339 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]/src/provider/oauth2.ts:193 · flow /tmp/closeopen-fgzlg05n/pkgs/npm/@[email protected]/src/provider/oauth2.ts:193 → /tmp/closeopen-fgzlg05n/pkgs/npm/@[email protected]/src/provider/oauth2.ts:193
        const json: any = await fetch(config.endpoint.token, {
          method: "POST",
          headers: {
            "Content-Type": "application/x-www-form-urlencoded",
            Accept: "application/json",
          },
          body: body.toString(),
        }).then((r) => r.json())

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #d1e69f821df4bb32 Environment-variable access.
pkgs/npm/@[email protected]/src/client.ts:550
  const issuer = input.issuer || process.env.OPENAUTH_ISSUER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6963739aad9ffdb9 Environment-variable access.
pkgs/npm/@[email protected]/src/issuer.ts:491
  if (process.env.OPENAUTH_STORAGE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #894f2171e29fcf04 Environment-variable access.
pkgs/npm/@[email protected]/src/issuer.ts:492
    const parsed = JSON.parse(process.env.OPENAUTH_STORAGE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50f6161e8e18ed7a Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:31
  if (process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acdf582912cf6a56 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:33
      accessKeyId: process.env.AWS_ACCESS_KEY_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #941e39d93503cbec Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:34
      secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2509637a510c155 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:35
      sessionToken: process.env.AWS_SESSION_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e4818af400ba433 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:36
      region: process.env.AWS_REGION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ded04fe89b37371 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:40
  if (process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbb013a3f3897fa9 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:43
        process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bc05d759f864cc6 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:49
      region: process.env.AWS_REGION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03550851359e679a Filesystem access.
pkgs/npm/@[email protected]/src/storage/memory.ts:59
      const file = readFileSync(input?.persist)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ded985259e9b2f8f Filesystem access.
pkgs/npm/@[email protected]/src/storage/memory.ts:67
    await writeFile(input.persist, file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@openrouter/ai-sdk-provider

npm dependency
high pii_flow dependency Excluded from app score #7b5c004648a02e25 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]__reposrc/e2e/video-generation.test.ts:16 · flow /tmp/closeopen-fgzlg05n/pkgs/npm/@[email protected]__reposrc/e2e/video-generation.test.ts:18 → /tmp/closeopen-fgzlg05n/pkgs/npm/@[email protected]__reposrc/e2e/video-generation.test.ts:16
    const response = await fetch(url, {
      headers: {
        Authorization: `Bearer ${process.env.OPENROUTER_API_KEY}`,
      },
    });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 120 low-confidence finding(s)
low env_fs dependency Excluded from app score #c4b98fa8f326403c Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/cache-control.test.ts:38
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b7bdeebdc217ef0 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/cache-control.test.ts:39
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #303b4dd2a23c5987 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/embeddings/index.test.ts:8
  apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5654e02f149671bf Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/embeddings/index.test.ts:9
  baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0fcc3ac12cbd14b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/gemini/reasoning-multiturn.test.ts:38
      apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a5be21fc7e37264 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/gemini/reasoning-multiturn.test.ts:39
      baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c21139fbde0406a4 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/gemini/reasoning-multiturn.test.ts:132
      apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a4000e70972206e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/gemini/reasoning-multiturn.test.ts:133
      baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #637c550ef77b6d69 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-160-toolcallid-uniqueness.test.ts:25
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac6004f9d36b0c32 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-160-toolcallid-uniqueness.test.ts:26
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cab8c826c22bc810 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-166-finish-reason-null.test.ts:38
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5161c5050e91cd06 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-166-finish-reason-null.test.ts:39
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df54d221cb44922d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-171-cache-tool-key-ordering.test.ts:27
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e37df46505fa0efb Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-171-cache-tool-key-ordering.test.ts:28
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4674354c7f52a638 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-190-streamobject-flush-error.test.ts:26
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef365e34bbff6908 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-190-streamobject-flush-error.test.ts:27
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ab3b4784e346a21 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-194-grok-invalid-json.test.ts:21
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #442c9310687a1da2 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-194-grok-invalid-json.test.ts:22
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b79a00b7800a596d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-196-anthropic-1h-cache-ttl.test.ts:21
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28575114aa167cc3 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-196-anthropic-1h-cache-ttl.test.ts:22
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #863df17bfa77a094 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-199-openai-pdf-processing.test.ts:29
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cd2f15a80f79b72 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-199-openai-pdf-processing.test.ts:30
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #7ad21f816d01b57c Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-199-openai-pdf-processing.test.ts:35
    const pdfBlob = await fetch('https://bitcoin.org/bitcoin.pdf').then((res) =>

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #09c4b800d68e26fa Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-212-anthropic-web-search-online.test.ts:34
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f76c345a0e71592b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-212-anthropic-web-search-online.test.ts:35
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ad38fff8dd043b0 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-234-prompt-caching.test.ts:40
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d153911ed4eb609 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-234-prompt-caching.test.ts:41
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #075e12457e4df47a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-237-reasoning-linebreaks.test.ts:19
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d0e334c8c9dbfe0 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-237-reasoning-linebreaks.test.ts:20
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6342d9ccb5eecf8d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-248-gemini-web-search-empty-response.test.ts:28
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bad130a427f145c5 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-248-gemini-web-search-empty-response.test.ts:29
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d8cf29a63b1caa9 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-269-image-size-parameter.test.ts:78
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4586c68d2787f5b8 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-287-tool-calls-missing-arguments.test.ts:25
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f58f26e334356809 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-287-tool-calls-missing-arguments.test.ts:26
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aadf99fd811daab5 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-341-cache-control-last-text-part.test.ts:26
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8591ec59f9db6ac1 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-341-cache-control-last-text-part.test.ts:27
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2e8ffb971c23a83 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-383-video-url-support.test.ts:26
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0cd5fd474864a99 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-386-image-files-parameter.test.ts:80
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c3891b0fd002f47 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-387-temperature-settings.test.ts:32
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b80bce671cb9bed Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-389-system-cache-control.test.ts:27
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9da585ded2247e0 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-389-system-cache-control.test.ts:28
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebc0ccce746e173a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-391-reasoning-effort-values.test.ts:28
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd2a7790f21ce5a3 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-391-reasoning-effort-values.test.ts:29
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #238ac5600411c174 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-392-auto-router-plugin.test.ts:21
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f56b1f51c19206a9 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-392-auto-router-plugin.test.ts:22
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff2051bebc5c4e11 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-394-reasoning-end-signature.test.ts:21
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #721786633076d6fd Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-394-reasoning-end-signature.test.ts:22
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62605aaca3f56ca7 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-407-token-usage-details.test.ts:27
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b401493bc3c88a5 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-407-token-usage-details.test.ts:28
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a480866e988e0e53 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-411-output-object-tools-conflict.test.ts:24
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #226bfcced5111f41 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-411-output-object-tools-conflict.test.ts:25
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1192454de3a16962 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-418-gemini-thought-signature.test.ts:29
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04b46eb281a76138 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-418-gemini-thought-signature.test.ts:30
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcab1165bdc85550 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-419-420-finish-reason-usage-fallback.test.ts:40
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0e7ff8f827a4650 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-419-420-finish-reason-usage-fallback.test.ts:41
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d056ce67a47a0fb Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-419-usage-fallback.test.ts:23
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dcb9fa9b251f216 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-419-usage-fallback.test.ts:24
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8373e4ce0dc4d99a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-422-incomplete-error-information.test.ts:23
      baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef4277852ad95e99 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-423-signature-stripped.test.ts:25
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bbbc7ff80f84576 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-423-signature-stripped.test.ts:26
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1c70879b361ce0c Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-423-streaming-signature-loss.test.ts:21
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4e79685fb79e791 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-423-streaming-signature-loss.test.ts:22
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee7c4d1979cb1289 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-423-uimessage-roundtrip.test.ts:29
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4ee6b328d62a6dd Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-423-uimessage-roundtrip.test.ts:30
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21a91ee4c1c3dfed Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-424-anthropic-auto-cache.test.ts:22
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #851f713b7d1e9c08 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-424-anthropic-auto-cache.test.ts:23
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #693051ba95259ab1 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-432-raw-response-body.test.ts:25
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6dede7db6a9560c1 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-438-gemini-reasoning-redacted.test.ts:23
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d9a7d9027a29203 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-438-gemini-reasoning-redacted.test.ts:24
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a44fe7c1b1c6a5a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-439-exact-payload.test.ts:26
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3c92fc17941687c Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-439-exact-payload.test.ts:27
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59741f8b20a30e1d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-453-signature-reopen.test.ts:27
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb7dd5ba08600466 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-453-signature-reopen.test.ts:28
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #996d25fd22f3b870 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-474-web-search-server-tool.test.ts:26
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cee6a122f72e2ea2 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-474-web-search-server-tool.test.ts:27
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56d297ef5895cac5 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-63-web-search-annotations.test.ts:24
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bf5ce8ed6f69cf0 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-63-web-search-annotations.test.ts:25
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58c2cf36a8b9444b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/parallel-tool-calls.test.ts:166
          apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72f616ba98676ac5 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/parallel-tool-calls.test.ts:167
          baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b4ed22f8877ac02 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/parallel-tool-calls.test.ts:232
          apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d35244d11efb2352 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/parallel-tool-calls.test.ts:233
          baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8599ba0b04799b0 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/parallel-tool-calls.test.ts:304
          apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90c697b14fc9d58d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/parallel-tool-calls.test.ts:305
          baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8cadf42d224d27e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/parallel-tool-calls.test.ts:366
          apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1baa44d124ec3d1f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/parallel-tool-calls.test.ts:367
          baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ee7162f08c29be8 Filesystem access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-blob/index.test.ts:4
import { readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9f9cfd968e91794 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-blob/index.test.ts:14
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70e830b2ff5f1784 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-blob/index.test.ts:15
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #699e1e634df3adc9 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-blob/index.test.ts:24
  const pdfBlob = await fetch('https://bitcoin.org/bitcoin.pdf').then((res) =>

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #9d7b26e438e360c5 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-blob/index.test.ts:70
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d828cd8c4f30d6f6 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-blob/index.test.ts:71
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94642738302d2e95 Filesystem access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-blob/index.test.ts:90
  const metadataText = await readFile(metadataPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1249d5cc0ff85fa5 Filesystem access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-blob/index.test.ts:98
  const pdfBuffer = await readFile(pdfPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da5a6114019afa9e Filesystem access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-url/index.test.ts:4
import { writeFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6b4e0051fa8e94a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-url/index.test.ts:14
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93e1d9c275c6426a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-url/index.test.ts:15
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #72634ecc3016699f Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-url/index.test.ts:33
        data: new URL('https://bitcoin.org/bitcoin.pdf'),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #c1c87d7d739901f2 Filesystem access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-url/index.test.ts:56
  await writeFile(
    new URL('./output.ignore.json', import.meta.url),
    JSON.stringify(messageHistory, null, 2),
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fa7942980cd28ca Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/reasoning-effort.test.ts:12
      apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66ec0f9e0801c64b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/reasoning-effort.test.ts:13
      baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #164e479662b229b5 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/reasoning-effort.test.ts:55
      apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb95291447f89926 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/reasoning-effort.test.ts:56
      baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97819324aaf9d6f1 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/reasoning-effort.test.ts:98
      apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #911ac6ec7c58e1af Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/reasoning-effort.test.ts:99
      baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78cc85065a1b5124 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/reasoning-multiturn/index.test.ts:14
      apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67779c5b9ab97ac7 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/reasoning-multiturn/index.test.ts:15
      baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf19d6e31cc47b9f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/tools-with-reasoning.test.ts:24
      apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4684fbbcf1570f2 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/tools-with-reasoning.test.ts:25
      baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62ae521f403fca54 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/tools.ts:8
  apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b8a85cdf1342536 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/tools.ts:9
  baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d32086bb26b38963 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/usage-accounting.test.ts:11
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #281cbfa4d8768354 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/usage-accounting.test.ts:12
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dea5ac60b3a1bd2 Filesystem access.
pkgs/npm/@[email protected]__reposrc/e2e/utils.ts:12
  writeFile(
    new URL(fileName ?? './output.ignore.json', baseUrl),
    JSON.stringify(fileData, null, 2),
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f37c23d4e7509241 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/video-generation.test.ts:11
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07694bb546a9cb60 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/video-generation.test.ts:18
        Authorization: `Bearer ${process.env.OPENROUTER_API_KEY}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #227453e4df2975ad Filesystem access.
pkgs/npm/@[email protected]__reposrc/e2e/web-search/index.test.ts:2
import { writeFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03e2b01bedb2a2a3 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/web-search/index.test.ts:13
      apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cd968a1c6bb21e3 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/web-search/index.test.ts:14
      baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d70f6087350730a2 Filesystem access.
pkgs/npm/@[email protected]__reposrc/e2e/web-search/index.test.ts:45
    await writeFile(
      new URL('./output.ignore.json', import.meta.url),
      JSON.stringify(sources, null, 2),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec2fe2ad3e9e7b97 Filesystem access.
pkgs/npm/@[email protected]__reposrc/tsup.config.ts:5
  readFileSync(new URL('package.json', import.meta.url), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ai

npm dependency
high pii_flow dependency Excluded from app score #0f1c6fc59c5f09b7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 · flow /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 → /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110
      const response = await fetch(this.api.token, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ sessionConfig: this.sessionConfig }),
      });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

hono

npm dependency
high pii_flow dependency Excluded from app score #ca3aeee7aa56ac8d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]__reposrc/runtime-tests/node/index.test.ts:236 · flow /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]__reposrc/runtime-tests/node/index.test.ts:236 → /tmp/closeopen-fgzlg05n/pkgs/npm/[email protected]__reposrc/runtime-tests/node/index.test.ts:236
    return fetch(`http://${serverInfo.address}:${serverInfo.port}/${c.req.param('file')}`)

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 9 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #7c957a34dda42125 Filesystem access.
pkgs/npm/[email protected]__reposrc/benchmarks/http-server/benchmark.ts:90
  writeFileSync(join(TEMP_DIR, 'body.json'), '{"hello":"world"}')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #63f590bb0798660e Filesystem access.
pkgs/npm/[email protected]__reposrc/benchmarks/http-server/benchmark.ts:125
  writeFileSync(appPath, getAppTemplate())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #ff770ce503094ee0 Filesystem access.
pkgs/npm/[email protected]__reposrc/benchmarks/http-server/benchmark.ts:315
    writeFileSync(join(SCRIPT_DIR, 'benchmark-results.md'), markdownOutput)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #508ac668ddd492ff Filesystem access.
pkgs/npm/[email protected]__reposrc/perf-measures/type-check/scripts/generate-app.ts:22
writeFile(path.join(import.meta.dirname, '../generated/app.ts'), routes, (err) => {
  if (err) {
    throw err
  }
  console.log(`${count} routes have been written to app.ts`)
})

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3a3a747379b3f272 Environment-variable access.
pkgs/npm/[email protected]__reposrc/perf-measures/type-check/scripts/process-results.ts:9
  const tsImplLabel = process.env['BENCHMARK_TS_IMPL_LABEL']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4809117ddae206a3 Filesystem access.
pkgs/npm/[email protected]__reposrc/runtime-tests/bun/index.test.tsx:2
import fs from 'fs/promises'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eeb84c58793f4c9e Filesystem access.
pkgs/npm/[email protected]__reposrc/src/adapter/deno/ssg.ts:13
    await Deno.writeFile(path, uint8Data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33ed49429f56baaa Filesystem access.
pkgs/npm/[email protected]__reposrc/src/helper/ssg/ssg.ts:329
    await fsModule.writeFile(filePath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4985874133e12024 Filesystem access.
pkgs/npm/[email protected]__reposrc/src/helper/ssg/ssg.ts:331
    await fsModule.writeFile(filePath, new Uint8Array(content))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@actions/core

npm dependency
expand_more 15 low-confidence finding(s)
low env_fs dependency Excluded from app score #aafdbd31b42363c8 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:67
    process.env[name] = convertedVal;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92405d8655b12a42 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:68
    const filePath = process.env['GITHUB_ENV'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c1bb3a8ac6d2ab3 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:88
    const filePath = process.env['GITHUB_PATH'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f940d98397e8a578 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:95
    process.env['PATH'] = `${inputPath}${path.delimiter}${process.env['PATH']}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db0af2e8c8a4130d Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:108
    const val = process.env[`INPUT_${name.replace(/ /g, '_').toUpperCase()}`] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9aad2203d58e381d Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:166
    const filePath = process.env['GITHUB_OUTPUT'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c576cb6a14c6b389 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:203
    return process.env['RUNNER_DEBUG'] === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47a3cffb41f40859 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:300
    const filePath = process.env['GITHUB_STATE'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a3d6b8863c86281 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:314
    return process.env[`STATE_${name}`] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c272b2bbaa93aede Filesystem access.
pkgs/npm/@[email protected]/lib/file-command.js:31
const fs = __importStar(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9c25e117926dc5d Environment-variable access.
pkgs/npm/@[email protected]/lib/file-command.js:35
    const filePath = process.env[`GITHUB_${command}`];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #346dba35dfec0328 Environment-variable access.
pkgs/npm/@[email protected]/lib/oidc-utils.js:25
        const token = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4e4bad6a476b106 Environment-variable access.
pkgs/npm/@[email protected]/lib/oidc-utils.js:32
        const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af8ccf9fc123473c Filesystem access.
pkgs/npm/@[email protected]/lib/summary.js:14
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10ce1f5ad55ef80b Environment-variable access.
pkgs/npm/@[email protected]/lib/summary.js:33
            const pathFromEnv = process.env[exports.SUMMARY_ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@actions/github

npm dependency
expand_more 21 low-confidence finding(s)
low env_fs dependency Excluded from app score #5b2f257d87430487 Filesystem access.
pkgs/npm/@[email protected]/lib/context.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22ff2e837e5ee9e0 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:13
        if (process.env.GITHUB_EVENT_PATH) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e26a09bbefb9634c Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:14
            if ((0, fs_1.existsSync)(process.env.GITHUB_EVENT_PATH)) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #233351fec00fe29c Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:15
                this.payload = JSON.parse((0, fs_1.readFileSync)(process.env.GITHUB_EVENT_PATH, { encoding: 'utf8' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84bdece5783d5f89 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:18
                const path = process.env.GITHUB_EVENT_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ffa01865d074357 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:22
        this.eventName = process.env.GITHUB_EVENT_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26129f18bb713694 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:23
        this.sha = process.env.GITHUB_SHA;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #781d8c0f2269ece8 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:24
        this.ref = process.env.GITHUB_REF;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #111e0e0549c57dc6 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:25
        this.workflow = process.env.GITHUB_WORKFLOW;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fe4b1d80bcaa686 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:26
        this.action = process.env.GITHUB_ACTION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6560637652b73af Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:27
        this.actor = process.env.GITHUB_ACTOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50ae270a96d39a99 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:28
        this.job = process.env.GITHUB_JOB;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb67bb6f904e5670 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:29
        this.runAttempt = parseInt(process.env.GITHUB_RUN_ATTEMPT, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2f02d209a3d72dd Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:30
        this.runNumber = parseInt(process.env.GITHUB_RUN_NUMBER, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40a476f126a09fde Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:31
        this.runId = parseInt(process.env.GITHUB_RUN_ID, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc872231e2a091ea Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:32
        this.apiUrl = (_a = process.env.GITHUB_API_URL) !== null && _a !== void 0 ? _a : `https://api.github.com`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30de57ceaf14bd7a Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:33
        this.serverUrl = (_b = process.env.GITHUB_SERVER_URL) !== null && _b !== void 0 ? _b : `https://github.com`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e6ac9fac22114d8 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:35
            (_c = process.env.GITHUB_GRAPHQL_URL) !== null && _c !== void 0 ? _c : `https://api.github.com/graphql`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ddeffe264ea3faf Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:42
        if (process.env.GITHUB_REPOSITORY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af749e7cfc4d69f5 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:43
            const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55f04d9afe0583a0 Environment-variable access.
pkgs/npm/@[email protected]/lib/internal/utils.js:67
    return process.env['GITHUB_API_URL'] || 'https://api.github.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@agentclientprotocol/sdk

npm dependency
expand_more 11 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #d67e935bd840004c Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:4
import * as fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #905435aa4f0f2243 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:17
  const metadata = JSON.parse(await fs.readFile("./schema/meta.json", "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #68265e0e5b071d75 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:19
  const schemaSrc = await fs.readFile("./schema/schema.json", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #268fce1f4920a186 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:46
    await fs.readFile("./schema/schema.json", "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d6e52656de22c1fe Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:50
  const zodSrc = await fs.readFile(zodPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #fb84fb6631fc09b0 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:72
  await fs.writeFile(zodPath, zod);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #9804855450bcde3e Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:75
  const tsSrc = await fs.readFile(tsPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #497b7a0614575759 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:86
  await fs.writeFile(tsPath, ts);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b82706555061bf3c Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:98
  const indexSrc = await fs.readFile(indexPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #abb52403a37d95f9 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:99
  await fs.writeFile(
    indexPath,
    `${indexSrc.replace(/\s*ClientOptions,/, "")}\n${meta}`,
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a39b5632a3e80d15 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:125
  await fs.writeFile(outputPath, response.body);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@ai-sdk/google-vertex

npm dependency
expand_more 1 low-confidence finding(s)
low egress dependency Excluded from app score #961d1bb7d8a2c9af Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]/src/edge/google-vertex-auth-edge.ts:139
    const response = await fetch('https://oauth2.googleapis.com/token', {
      method: 'POST',
      headers: withUserAgentSuffix(
        { 'Content-Type': 'application/x-www-form-urlencoded' },
        `ai-sdk/google-vertex/${VERSION}`,
        getRuntimeEnvironmentUserAgent(),
      ),
      body: new URLSearchParams({
        grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
        assertion: jwt,
      }),
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

@ai-sdk/togetherai

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #5b455880d4c3aea1 Environment-variable access.
pkgs/npm/@[email protected]/src/togetherai-provider.ts:105
  if (typeof process.env.TOGETHER_API_KEY === 'string') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b7ac3685ee24ddc Environment-variable access.
pkgs/npm/@[email protected]/src/togetherai-provider.ts:108
  const key = process.env.TOGETHER_AI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@aws-sdk/credential-providers

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #9728d27d71c2da2b Environment-variable access.
pkgs/npm/@[email protected]/dist-cjs/fromTemporaryCredentials.js:8
    return (0, fromTemporaryCredentials_base_1.fromTemporaryCredentials)(options, fromNodeProviderChain_1.fromNodeProviderChain, async ({ profile = process.env.AWS_PROFILE }) => (0, config_1.loadConfig)({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cb7fa27b9562bf8 Environment-variable access.
pkgs/npm/@[email protected]/dist-es/fromTemporaryCredentials.js:5
    return fromTemporaryCredentialsBase(options, fromNodeProviderChain, async ({ profile = process.env.AWS_PROFILE }) => loadConfig({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@clack/prompts

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #65b78433ca23b681 Environment-variable access.
pkgs/npm/@[email protected]__sourcemap/src/common.ts:7
export const isCI = (): boolean => process.env.CI === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@ff-labs/fff-bun

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #86b06bd5a8c3bcef Environment-variable access.
pkgs/npm/@[email protected]/examples/search.ts:171
  const nvimCache = process.env.XDG_CACHE_HOME || join(homedir(), ".cache", "nvim");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #42900a7a2f1c1daa Environment-variable access.
pkgs/npm/@[email protected]/examples/search.ts:173
    process.env.XDG_DATA_HOME || join(homedir(), ".local", "share", "nvim");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@opentui/core

npm dependency
expand_more 37 low-confidence finding(s)
low env_fs dependency Excluded from app score #699f90699ec4499e Filesystem access.
pkgs/npm/@[email protected]/index-d5xqskty.js:714
  await writeFileNode(destinationPath, bytes, { mode: options?.mode });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #105ae019c3b1c476 Filesystem access.
pkgs/npm/@[email protected]/index-d5xqskty.js:719
import { existsSync as existsSync3, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df373c61dcd85d50 Environment-variable access.
pkgs/npm/@[email protected]/index-d5xqskty.js:5935
  const envValue = process.env[config.name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d845cfe85800d2b8 Filesystem access.
pkgs/npm/@[email protected]/index-d5xqskty.js:7917
import { existsSync as existsSync2 } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc21e9f8265eaa70 Environment-variable access.
pkgs/npm/@[email protected]/index-d5xqskty.js:11808
  const libc = process.env.OPENTUI_LIBC;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a84c814e1595d7d4 Environment-variable access.
pkgs/npm/@[email protected]/index-d5xqskty.js:11823
      if (process.env.OPENTUI_LIBC === "musl") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7988527d0e95aa19 Environment-variable access.
pkgs/npm/@[email protected]/index-d5xqskty.js:11830
      if (process.env.OPENTUI_LIBC === "musl") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfdf129b48c5f405 Filesystem access.
pkgs/npm/@[email protected]/index-d5xqskty.js:13284
      writeFileSync(logPath, msg + `
`, { flag: "a" });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdc14d3900ab3aec Filesystem access.
pkgs/npm/@[email protected]/index-xt9f071j.js:5371
      fs.writeFileSync(filepath, content, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #653a0eacaf9ac00b Environment-variable access.
pkgs/npm/@[email protected]/index-xt9f071j.js:6658
  if (process.env.OTUI_USE_ALTERNATE_SCREEN !== undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c792f5dd185566e4 Environment-variable access.
pkgs/npm/@[email protected]/index-xt9f071j.js:6663
  if (process.env.OTUI_OVERRIDE_STDOUT !== undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de6905a18b722d99 Environment-variable access.
pkgs/npm/@[email protected]/index-xt9f071j.js:7208
      const value = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #276c504439344a50 Filesystem access.
pkgs/npm/@[email protected]/index.js:2643
    const bytes = await readFile(filePath).catch((err) => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a355d757e38dd84 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:5
import { readFile as readFile2, writeFile as writeFile2, mkdir as mkdir2 } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68db340967be8a7c Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:9
import { mkdir, readFile, writeFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #840b370611f9c6df Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:35
        const cachedContent = await readFile(cacheFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70db433740ea85e1 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:49
          await writeFile(cacheFile, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #382d628213374c04 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:61
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0818febb403ba3af Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:79
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95a02fd0ac953acc Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:88
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1c11cba64a8d343 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:89
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89d32f2aed966f7e Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:118
import { readdir } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97b676f78d48fd3e Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:142
    const configContent = await readFile2(resolvedConfigPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6626000d60f5463c Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:170
        const content = await readFile2(localPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee85bd010b70c67e Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:204
  await writeFile2(queryPath, combinedContent, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #530511f0828343ec Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:276
  await writeFile2(outputPath, fileContent, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7fe31dbb6f38f29 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:44
import { mkdir as mkdir3 } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccf78f82964edf69 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:48
import { mkdir, readFile, writeFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72305e656d099ffe Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:74
        const cachedContent = await readFile(cacheFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68892b2229e5f358 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:88
          await writeFile(cacheFile, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8d9472329e9725b Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:100
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da4307a843089d45 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:118
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da8bad4121c5b265 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:127
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eda9d92e748337c0 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:128
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e6ecd20b3af6d4c Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:322
  await writeFileNode(destinationPath, bytes, { mode: options?.mode });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #677251c756c316a4 Filesystem access.
pkgs/npm/@[email protected]/runtime-plugin.js:113
                const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b637fca94a0a90d0 Filesystem access.
pkgs/npm/@[email protected]/runtime-plugin.js:374
                    contents = readFileSync(normalizedPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@opentui/solid

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #619817d19be12e18 Environment-variable access.
pkgs/npm/@[email protected]/index.bun.js:517
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbac0e3959551305 Environment-variable access.
pkgs/npm/@[email protected]/index.js:491
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@parcel/watcher

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #e91b613bd51a1459 Environment-variable access.
pkgs/npm/@[email protected]/scripts/build-from-source.js:5
if (process.env.npm_config_build_from_source === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@pierre/diffs

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #88606f33c4439e5b Environment-variable access.
pkgs/npm/@[email protected]__sourcemap/src/constants.ts:16
    return process.env.NODE_ENV === 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@silvia-odwyer/photon-node

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #7edf8796dc8fb068 Filesystem access.
pkgs/npm/@[email protected]/photon_rs.js:4513
const bytes = require('fs').readFileSync(path);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@standard-schema/spec

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #109f40b76cd3ced3 Filesystem access.
pkgs/npm/@[email protected]__reposrc/packages/web/app/page.tsx:45
  const md = readFileSync(mdPath, "utf-8").split("<!-- start -->")[1];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66a873c8c7b59598 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/packages/web/lib/utils.ts:11
  return process.env.NODE_ENV === "development";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a7bb19b1bc8e096 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/packages/web/lib/utils.ts:15
  return process.env.CF_PAGES_BRANCH !== "main";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #402b15beb3ee08ce Environment-variable access.
pkgs/npm/@[email protected]__reposrc/packages/web/lib/utils.ts:19
  return process.env.CF_PAGES_BRANCH === "main";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f06f99a6a6f19295 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/packages/web/lib/utils.ts:28
    return process.env.CF_PAGES_URL!;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

chokidar

npm dependency
expand_more 14 low-confidence finding(s)
low env_fs dependency Excluded from app score #9002cf3eaa54c69a Filesystem access.
pkgs/npm/[email protected]/esm/handler.d.ts:1
import type { WatchEventType, Stats, FSWatcher as NativeFsWatcher } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d102784e5da8c3c4 Filesystem access.
pkgs/npm/[email protected]/esm/handler.js:1
import { watchFile, unwatchFile, watch as fs_watch } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48a8c0ea4362fa0d Filesystem access.
pkgs/npm/[email protected]/esm/handler.js:2
import { open, stat, lstat, realpath as fsrealpath } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59e9982cf6956ea2 Filesystem access.
pkgs/npm/[email protected]/esm/index.d.ts:2
import { Stats } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb294c068a2ea84f Filesystem access.
pkgs/npm/[email protected]/esm/index.js:2
import { stat as statcb } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b39b309fe390337 Filesystem access.
pkgs/npm/[email protected]/esm/index.js:3
import { stat, readdir } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9735453d14637e5 Environment-variable access.
pkgs/npm/[email protected]/esm/index.js:260
        const envPoll = process.env.CHOKIDAR_USEPOLLING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #311378eaf08578d2 Environment-variable access.
pkgs/npm/[email protected]/esm/index.js:270
        const envInterval = process.env.CHOKIDAR_INTERVAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88c670655df7c73e Filesystem access.
pkgs/npm/[email protected]/handler.d.ts:1
import type { WatchEventType, Stats, FSWatcher as NativeFsWatcher } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b11069363de2574 Filesystem access.
pkgs/npm/[email protected]/handler.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bfae12c79ea1828 Filesystem access.
pkgs/npm/[email protected]/index.d.ts:2
import { Stats } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0fa2b26f46caf18 Filesystem access.
pkgs/npm/[email protected]/index.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e2b24ab5f05cc30 Environment-variable access.
pkgs/npm/[email protected]/index.js:265
        const envPoll = process.env.CHOKIDAR_USEPOLLING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccfc842a489f9e9a Environment-variable access.
pkgs/npm/[email protected]/index.js:275
        const envInterval = process.env.CHOKIDAR_INTERVAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

cross-spawn

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #f094533ab0b560d6 Environment-variable access.
pkgs/npm/[email protected]/lib/parse.js:58
        parsed.command = process.env.comspec || 'cmd.exe';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee24c62061c716b3 Filesystem access.
pkgs/npm/[email protected]/lib/util/readShebang.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

drizzle-orm

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #ab467726981ddaed Filesystem access.
pkgs/npm/[email protected]/migrator.cjs:43
  const journalAsString = import_node_fs.default.readFileSync(`${migrationFolderTo}/meta/_journal.json`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d1a11c4b78fe613 Filesystem access.
pkgs/npm/[email protected]/migrator.cjs:48
      const query = import_node_fs.default.readFileSync(`${migrationFolderTo}/${journalEntry.tag}.sql`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bb001817e214c70 Filesystem access.
pkgs/npm/[email protected]/migrator.js:10
  const journalAsString = fs.readFileSync(`${migrationFolderTo}/meta/_journal.json`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7d9311fca751561 Filesystem access.
pkgs/npm/[email protected]/migrator.js:15
      const query = fs.readFileSync(`${migrationFolderTo}/${journalEntry.tag}.sql`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

electron-context-menu

npm dependency
expand_more 1 low-confidence finding(s)
low egress dependency Excluded from app score #3258ffe979d2785f Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/index.js:66
					const url = new URL('https://www.google.com/search');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

electron-log

npm dependency
expand_more 18 low-confidence finding(s)
low env_fs dependency Excluded from app score #fb8617ab883003e1 Filesystem access.
pkgs/npm/[email protected]/src/main/initialize.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2cc0db842f160cb Filesystem access.
pkgs/npm/[email protected]/src/main/initialize.js:81
    fs.writeFileSync(preloadPath, preloadCode, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6e851550a6058e9 Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:121
        return process.env.APPDATA || path.join(home, 'AppData/Roaming');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0963ce3c513aafcb Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:125
        return process.env.XDG_CONFIG_HOME || path.join(home, '.config');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2916eec1bb99d30d Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:131
    return os.homedir?.() || process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #861ae21598ca823a Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:147
    return process.env.NODE_ENV === 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d199b16789dd232 Environment-variable access.
pkgs/npm/[email protected]/src/node/NodeExternalApi.js:148
      || process.env.ELECTRON_IS_DEV === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbcacc0f5050028a Filesystem access.
pkgs/npm/[email protected]/src/node/packageJson.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63371056630310a4 Filesystem access.
pkgs/npm/[email protected]/src/node/packageJson.js:39
    const json = JSON.parse(fs.readFileSync(fileName, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #685d1a26b5a4304e Environment-variable access.
pkgs/npm/[email protected]/src/node/transports/console.js:56
    useStyles: process.env.FORCE_STYLES,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6affe9e74c1d8b57 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/File.js:4
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddacc6dc1503c77e Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/File.js:34
      fs.writeFileSync(this.path, '', {
        mode: this.writeOptions.mode,
        flag: 'w',
      });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0aa68e4a5931b07 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/File.js:96
    fs.writeFile(this.path, text, this.writeOptions, (e) => {
      file.hasActiveAsyncWriting = false;

      if (e) {
        file.emit(
          'error',
          new Error(`Couldn't write to ${file.path}. ${e.message}`),
          this,
        );
      } else {
        file.increaseBytesWrittenCounter(text);
      }

      file.nextAsyncWrite();
    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08f9a5eb019dac26 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/File.js:132
      fs.writeFileSync(this.path, text, this.writeOptions);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #264d374f0583ce82 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/FileRegistry.js:4
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #766200f04f576074 Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/FileRegistry.js:72
    fs.writeFileSync(filePath, '', { flag: 'a', mode: writeOptions.mode });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff65e5f7ac0e7fce Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/index.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd47b85c56fec9bb Filesystem access.
pkgs/npm/[email protected]/src/node/transports/file/index.js:149
            lines: fs.readFileSync(logPath, 'utf8').split(os.EOL),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

electron-updater

npm dependency
expand_more 15 low-confidence finding(s)
low env_fs dependency Excluded from app score #9ff4d71045e87228 Environment-variable access.
pkgs/npm/[email protected]/out/AppAdapter.js:11
        result = process.env["LOCALAPPDATA"] || path.join(homedir, "AppData", "Local");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1184235c3ce2e3ff Environment-variable access.
pkgs/npm/[email protected]/out/AppAdapter.js:17
        result = process.env["XDG_CACHE_HOME"] || path.join(homedir, ".cache");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1415e6e360694d8 Filesystem access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:7
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c30add93b791212f Environment-variable access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:18
        if (process.env["APPIMAGE"] == null && !this.forceDevUpdateConfig) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4800c918a21df38d Environment-variable access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:19
            if (process.env["SNAP"] == null) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c8d04dddb68a619 Environment-variable access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:38
                const oldFile = process.env["APPIMAGE"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fa0db1c68541cf7 Environment-variable access.
pkgs/npm/[email protected]/out/AppImageUpdater.js:73
        const appImageFile = process.env["APPIMAGE"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bc62f6b40011151 Filesystem access.
pkgs/npm/[email protected]/out/DownloadedUpdateHelper.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #275a53816e942359 Environment-variable access.
pkgs/npm/[email protected]/out/LinuxUpdater.js:96
        const pmOverride = (_a = process.env.ELECTRON_BUILDER_LINUX_PACKAGE_MANAGER) === null || _a === void 0 ? void 0 : _a.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8148acfadaa1cfd Filesystem access.
pkgs/npm/[email protected]/out/MacUpdater.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #127fd7066da224c4 Filesystem access.
pkgs/npm/[email protected]/out/differentialDownloader/DataSplitter.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c673805cc516a211 Filesystem access.
pkgs/npm/[email protected]/out/differentialDownloader/DifferentialDownloader.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c11a9edd114807bc Environment-variable access.
pkgs/npm/[email protected]/out/differentialDownloader/downloadPlanBuilder.js:73
const isValidateOperationRange = process.env["DIFFERENTIAL_DOWNLOAD_PLAN_BUILDER_VALIDATE_RANGES"] === "true";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7e494de6e6a9267 Environment-variable access.
pkgs/npm/[email protected]/out/providerFactory.js:24
            const token = (githubOptions.private ? process.env["GH_TOKEN"] || process.env["GITHUB_TOKEN"] : null) || githubOptions.token;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ef5ec213ae7a6cf Environment-variable access.
pkgs/npm/[email protected]/out/providers/Provider.js:32
            const arch = process.env["TEST_UPDATER_ARCH"] || process.arch;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

electron-window-state

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #6d92981775d9748f Filesystem access.
pkgs/npm/[email protected]/index.js:110
      jsonfile.writeFileSync(fullStoreFileName, state);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #915ec60433cf4e9d Filesystem access.
pkgs/npm/[email protected]/index.js:159
    state = jsonfile.readFileSync(fullStoreFileName);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gitlab-ai-provider

npm dependency
expand_more 23 low-confidence finding(s)
low env_fs dependency Excluded from app score #c9570216548490c2 Environment-variable access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-direct-access.ts:61
      config.aiGatewayUrl || process.env['GITLAB_AI_GATEWAY_URL'] || DEFAULT_AI_GATEWAY_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f3cbd6745882375 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-model-cache.ts:19
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a8064b1df73b033 Environment-variable access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-model-cache.ts:41
  const cacheHome = process.env.XDG_CACHE_HOME || path.join(os.homedir(), '.cache');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c679a9bd0a1d3374 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-model-cache.ts:68
      const raw = fs.readFileSync(this.filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1472bf31b67cbc66 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-model-cache.ts:80
      fs.writeFileSync(tmpPath, JSON.stringify(data, null, 2), { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e431f689012fbf5 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-model-config.ts:13
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f9f329b0fe922b9 Environment-variable access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-model-config.ts:56
  const cacheHome = process.env.XDG_CACHE_HOME || path.join(os.homedir(), '.cache');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #642ba5d176ac3672 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-model-config.ts:64
    const raw = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e140f01eb861455b Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-model-config.ts:80
    fs.writeFileSync(filePath, JSON.stringify(data, null, 2), { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5f1367d051a73f9 Environment-variable access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-oauth-manager.ts:158
    const envClientId = process.env['GITLAB_OAUTH_CLIENT_ID'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8c38ed147d2f6e8 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-provider.ts:12
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a4e4b4594c22181 Environment-variable access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-provider.ts:181
  const xdgDataHome = process.env.XDG_DATA_HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #398ad78cfab86dd0 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-provider.ts:206
    const authData = JSON.parse(fs.readFileSync(authPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99dca30d1b30ca0b Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-provider.ts:277
    const authData = JSON.parse(fs.readFileSync(authPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9711a4efcbd3f5f2 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-provider.ts:287
    fs.writeFileSync(authPath, JSON.stringify(authData, null, 2), { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3ddd65871836d22 Environment-variable access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-provider.ts:337
        const envApiKey = process.env[options.environmentVariableName];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e3ce189b1b18a0a Environment-variable access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-provider.ts:356
  const apiKey = process.env[options.environmentVariableName];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba125e6e61b937ae Environment-variable access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-provider.ts:380
    options.instanceUrl ?? process.env['GITLAB_INSTANCE_URL'] ?? 'https://gitlab.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f01a515aeadfab6f Environment-variable access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-provider.ts:452
    const apiKey = cachedApiKey || options.apiKey || process.env['GITLAB_TOKEN'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a99bc5ba78cde55 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-workflow-builtins.ts:419
      fs.writeFileSync(safePath, content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #134d4dff56637cc5 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-workflow-builtins.ts:442
      content = fs.readFileSync(safePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f17c876e35f99d06 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-workflow-builtins.ts:448
      fs.writeFileSync(safePath, newString, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bcf90b7f4ffda97 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-workflow-builtins.ts:463
    fs.writeFileSync(safePath, newContent, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gray-matter

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #7b78380cf374873e Filesystem access.
pkgs/npm/[email protected]/index.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1986101bdbfe3b48 Filesystem access.
pkgs/npm/[email protected]/index.js:179
  const str = fs.readFileSync(filepath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

immer

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #1b8bbb241ec50dfe Environment-variable access.
pkgs/npm/[email protected]/src/core/proxy.ts:269
	if (process.env.NODE_ENV !== "production" && isNaN(parseInt(prop as any)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb2204cb69a0cf8b Environment-variable access.
pkgs/npm/[email protected]/src/core/proxy.ts:276
		process.env.NODE_ENV !== "production" &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6cc58cd2306cf8e9 Environment-variable access.
pkgs/npm/[email protected]/src/plugins/patches.ts:37
	if (process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3225a39428cd8d05 Environment-variable access.
pkgs/npm/[email protected]/src/utils/errors.ts:4
	process.env.NODE_ENV !== "production"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4fd0b6701182090 Environment-variable access.
pkgs/npm/[email protected]/src/utils/errors.ts:42
	if (process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jose

npm dependency
expand_more 21 low-confidence finding(s)
low env_fs dependency Excluded from app score #f96d00bb33bc2bab Filesystem access.
pkgs/npm/[email protected]__reposrc/tap/.browser.ts:4
const script = fs.readFileSync('./tap/run-browser.js', { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #124699ce2630710b Filesystem access.
pkgs/npm/[email protected]__reposrc/tap/.edge-runtime.mjs:4
const script = fs.readFileSync('./tap/run-edge-runtime.js', { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #6d8bfcebb69b464d Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/tap/jwks.ts:11
    const response = await fetch(jwksUri).then((r) => r.json())

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c7e6e1f4bbf57b7e Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/tap/jwks.ts:14
    const jwks = lib.createRemoteJWKSet(new URL(jwksUri))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unknown #4f41f5f11cc350c2 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/postbump.cjs:5
const { readFileSync, writeFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #66f44b7fa7a85616 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/postbump.cjs:8
const readme = readFileSync('docs/README.md')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #4e4a6e15befe5899 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/postbump.cjs:19
  const content = readFileSync(file, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f3ae130c579e6af3 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/postbump.cjs:22
  writeFileSync(file, updatedContent, 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #51b9f62b07eacd22 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/postbump.cjs:24
writeFileSync('docs/README.md', readme)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #980dcb77960e1206 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/postbump.cjs:36
writeFileSync(
  'dist/deno/README.md',
  readFileSync('docs/readme.md', { encoding: 'utf-8' })
    .replace(/^`jose` is distributed.+$\n\n/m, '')
    .replace(
      /\*\*[\s\S]+```/gm,
      `**\`example\`** Deno import
\`\`\`js
import * as jose from 'https://deno.land/x/jose@${tagName}/index.ts'
\`\`\``,
    )
    .replace(/(\]\()(?!https)/gm, `](https://github.com/panva/jose/blob/${tagName}/docs/`),
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #91270ed759de3db0 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/postbump.cjs:38
  readFileSync('docs/readme.md', { encoding: 'utf-8' })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #06fa4e4371db03ee Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/postbump.cjs:65
  writeFileSync(path, readFileSync(path, { encoding: 'utf-8' }).replace(regex, replacement))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #57e6d0d29306e7bb Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/postbump.cjs:109
  writeFileSync(file, trimExcessComment(filterExamples(readFileSync(file, { encoding: 'utf-8' }))))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #380e4a0537449798 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/prebump.cjs:2
const { readFileSync, writeFileSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #83e89244f53ecfb3 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/prebump.cjs:11
writeFileSync(path, readFileSync(path, { encoding: 'utf-8' }).replace(/v(\d+\.\d+\.\d+)/g, tagName))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0fb6c75105b334fa Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/publish.cjs:1
const { readFileSync, writeFileSync, unlinkSync } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e1b72b5939cc1b11 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/publish.cjs:3
const pkg = JSON.parse(readFileSync('./package.json'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c6355baa6aa6ba8f Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/publish.cjs:8
writeFileSync('./package.json', `${JSON.stringify(pkg, null, 2)}\n`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0e385dd326f297a0 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/release-notes.cjs:1
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #4ace0cc407e816a3 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/release-notes.cjs:8
fs.writeFileSync(
  'notes.md',
  fs
    .readFileSync('CHANGELOG.diff')
    .toString()
    .split('\n')
    .filter((line) => line.startsWith('+') && !line.startsWith('+++'))
    .map((line) => line.slice(1))
    .slice(3)
    .join('\n'),
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f570bb1b953a43c0 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/release-notes.cjs:10
  fs
    .readFileSync('CHANGELOG.diff')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

minimatch

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #1130d10090f1a57b Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/index.ts:115
        process.env.__MINIMATCH_TESTING_PLATFORM__) ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

open

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #817f49d66ba16f23 Filesystem access.
pkgs/npm/[email protected]/index.js:52
		const configContent = await fs.readFile(configFilePath, {encoding: 'utf8'});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80ab047c3bf6d3cb Environment-variable access.
pkgs/npm/[email protected]/index.js:219
			: `${process.env.SYSTEMROOT || process.env.windir || 'C:\\Windows'}\\System32\\WindowsPowerShell\\v1.0\\powershell`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

opentui-spinner

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #169ad037884a23d7 Filesystem access.
pkgs/npm/[email protected]__reposrc/bench/scheduler-benchmark.ts:741
  writeFileSync(
    absolutePath,
    JSON.stringify(
      {
        meta: {
          benchmarkVersion: BENCHMARK_VERSION,
          timestamp: new Date().toISOString(),
          args: process.argv.slice(2),
          runtime: {
            bun: Bun.version,
            node: process.versions.node,
            v8: process.versions.v8,
            platform: process.platform,
            arch: process.arch,
          },
          cpu: cpus()[0]?.model,
          git: {
            commit: git(["rev-parse", "HEAD"]),
            branch: git(["branch", "--show-current"]),
            dirty: Boolean(git(["status", "--porcelain"])),
          },
          correctnessChecksum,
        },
        results,
      },
      null,
      2,
    ),
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

remeda

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #dec35a31472d5844 Filesystem access.
pkgs/npm/[email protected]__reposrc/.claude/hooks/post-edit-prettier.ts:34
    const beforePrettier = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c18b5ca16de0d9fa Filesystem access.
pkgs/npm/[email protected]__reposrc/.claude/hooks/post-edit-prettier.ts:45
    writeFileSync(filePath, afterPrettier);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a049a639bd9fcd7 Filesystem access.
pkgs/npm/[email protected]__reposrc/packages/remeda/tsdown.config.ts:153
        const content = await readFile(file, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5612ecfb3a5f4105 Filesystem access.
pkgs/npm/[email protected]__reposrc/packages/remeda/tsdown.config.ts:173
        await writeFile(file, withSymbols);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11a1121b5efe0be1 Filesystem access.
pkgs/npm/[email protected]__reposrc/packages/remeda/tsdown.config.ts:193
    const content = await readFile(file, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typescript

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #c89ebd3fbcb77249 Filesystem access.
pkgs/npm/[email protected]/lib/getExePath.js:11
    const pkg = JSON.parse(fs.readFileSync(path.join(__dirname, "..", "package.json"), "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ulid

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #ea919f5d422dd294 Environment-variable access.
pkgs/npm/[email protected]__reposrc/rollup.config.js:8
const ENV = process.env.ENV ? process.env.ENV : "node";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f769dffb772f2a58 Environment-variable access.
pkgs/npm/[email protected]__reposrc/rollup.config.js:9
const FMT = process.env.FMT ? process.env.FMT : "esm";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

vscode-jsonrpc

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #1428482f4dcbbebb Environment-variable access.
pkgs/npm/[email protected]/lib/node/main.js:152
const XDG_RUNTIME_DIR = process.env['XDG_RUNTIME_DIR'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

web-tree-sitter

npm dependency
expand_more 20 low-confidence finding(s)
low env_fs dependency Excluded from app score #66e6a3c01e774725 Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.cjs:83
          var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96c30145fb206a66 Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.cjs:88
            var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff39d16f3c44766e Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.cjs:94
            var ret = fs.readFileSync(filename, binary2 ? void 0 : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92f6dc77a1113dc7 Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.cjs:4287
        bytes = fs2.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e53bdede80d6b9e Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.js:2035
        bytes = fs2.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0518e7783e519b9c Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.js:2109
      var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2ca78fc0124ecc3 Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.js:2116
        var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d428a42ebb287a59 Filesystem access.
pkgs/npm/[email protected]/debug/tree-sitter.js:2122
        var ret = fs.readFileSync(filename, binary2 ? void 0 : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ff62cf5b52b5189 Filesystem access.
pkgs/npm/[email protected]/lib/tree-sitter.cjs:98
  var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2bee151b19d6208 Filesystem access.
pkgs/npm/[email protected]/lib/tree-sitter.cjs:105
    var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #434a75d1217b8579 Filesystem access.
pkgs/npm/[email protected]/lib/tree-sitter.cjs:112
    var ret = fs.readFileSync(filename, binary ? undefined : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5419ce449b7c7020 Filesystem access.
pkgs/npm/[email protected]/src/language.ts:265
        bytes = fs.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09374e37131f698e Filesystem access.
pkgs/npm/[email protected]/tree-sitter.cjs:75
          var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb3e51c977406567 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.cjs:80
            var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79a9db30d9f4bc80 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.cjs:85
            var ret = fs.readFileSync(filename, binary2 ? void 0 : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d62f2eabde08798 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.cjs:3760
        bytes = fs2.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73a94bb65966e632 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.js:2035
        bytes = fs2.readFile(input);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1e61c6dd6bcb4d9 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.js:2101
      var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7faa5632e7402187 Filesystem access.
pkgs/npm/[email protected]/tree-sitter.js:2108
        var ret = fs.readFileSync(filename);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fe9e9245dc432bc Filesystem access.
pkgs/npm/[email protected]/tree-sitter.js:2113
        var ret = fs.readFileSync(filename, binary2 ? void 0 : "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ws

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #5b79448a8e0502ae Environment-variable access.
pkgs/npm/[email protected]/lib/buffer-util.js:115
if (!process.env.WS_NO_BUFFER_UTIL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f42036c1bc8cadf7 Environment-variable access.
pkgs/npm/[email protected]/lib/validation.js:142
} /* istanbul ignore else  */ else if (!process.env.WS_NO_UTF_8_VALIDATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

yargs

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #09d5722dab37ca14 Environment-variable access.
pkgs/npm/[email protected]/lib/platform-shims/esm.mjs:29
    return process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • @opencode-ai/plugin prod — dist-only: no readable source
  • @opencode-ai/script prod — registry 404
  • @opencode-ai/sdk prod — dist-only: no readable source
  • @gitlab/opencode-gitlab-auth prod — dist-only: no readable source
  • @opencode-ai/codemode prod — registry 404
  • @opencode-ai/llm prod — registry 404
  • @opencode-ai/tui prod — registry 404
  • @solid-primitives/event-bus prod — dist-only: no readable source
  • @solid-primitives/scheduled prod — dist-only: no readable source
  • opencode-gitlab-auth prod — dist-only: no readable source
  • opencode-poe-auth prod — dist-only: no readable source
  • partial-json prod — dist-only: no readable source
  • @opencode-ai/client prod — no javascript source
  • acorn prod — scan budget exceeded
  • @ai-sdk/provider-utils prod — scan budget exceeded
  • @effect/sql-sqlite-bun prod — scan budget exceeded
  • @npmcli/arborist prod — scan budget exceeded
  • @npmcli/config prod — scan budget exceeded
  • @opencode-ai/effect-drizzle-sqlite prod — scan budget exceeded
  • @opencode-ai/effect-sqlite-node prod — scan budget exceeded
  • bun-pty prod — scan budget exceeded
  • which prod — scan budget exceeded
  • @kobalte/core prod — scan budget exceeded
  • @shikijs/transformers prod — scan budget exceeded
  • @solid-primitives/bounds prod — scan budget exceeded
  • @solid-primitives/event-listener prod — scan budget exceeded
  • @solid-primitives/media prod — scan budget exceeded
  • @solid-primitives/resize-observer prod — scan budget exceeded
  • @shikijs/stream prod — scan budget exceeded
  • dompurify prod — scan budget exceeded
  • katex prod — scan budget exceeded
  • luxon prod — scan budget exceeded
  • marked-katex-extension prod — scan budget exceeded
  • marked-shiki prod — scan budget exceeded
  • morphdom prod — scan budget exceeded
  • motion prod — scan budget exceeded
  • motion-dom prod — scan budget exceeded
  • motion-utils prod — scan budget exceeded
  • remend prod — scan budget exceeded
  • shiki prod — scan budget exceeded
  • solid-list prod — scan budget exceeded
  • @slack/bolt prod — scan budget exceeded
  • @corvu/drawer prod — scan budget exceeded
  • @dnd-kit/abstract prod — scan budget exceeded
  • @dnd-kit/dom prod — scan budget exceeded
  • @dnd-kit/helpers prod — scan budget exceeded
  • @dnd-kit/solid prod — scan budget exceeded
  • @pierre/trees prod — scan budget exceeded
  • @solid-primitives/active-element prod — scan budget exceeded
  • @solid-primitives/audio prod — scan budget exceeded
  • @solid-primitives/scroll prod — scan budget exceeded
  • @solid-primitives/timer prod — scan budget exceeded
  • @solid-primitives/websocket prod — scan budget exceeded
  • @tanstack/solid-query prod — scan budget exceeded
  • @tanstack/solid-virtual prod — scan budget exceeded
  • @thisbeyond/solid-dnd prod — scan budget exceeded
  • ghostty-web prod — scan budget exceeded
  • solid-presence prod — scan budget exceeded
  • aws4fetch prod — scan budget exceeded
  • @solidjs/start prod — scan budget exceeded
  • @hono/standard-validator prod — scan budget exceeded
  • hono-openapi prod — scan budget exceeded
  • js-base64 prod — scan budget exceeded
  • nitro prod — scan budget exceeded
  • clipboardy prod — scan budget exceeded
  • @astrojs/cloudflare prod — scan budget exceeded
  • @astrojs/markdown-remark prod — scan budget exceeded
  • @astrojs/solid-js prod — scan budget exceeded
  • @astrojs/starlight prod — scan budget exceeded
  • @fontsource/ibm-plex-mono prod — scan budget exceeded
  • astro prod — scan budget exceeded
  • lang-map prod — scan budget exceeded
  • rehype-autolink-headings prod — scan budget exceeded
  • toolbeam-docs-theme prod — scan budget exceeded
  • @smithy/eventstream-codec prod — scan budget exceeded
  • @smithy/util-utf8 prod — scan budget exceeded
  • @effect/platform-node-shared prod — scan budget exceeded
  • @jsx-email/all prod — scan budget exceeded
  • @jsx-email/cli prod — scan budget exceeded
  • @opencode-ai/console-core prod — scan budget exceeded
  • @opencode-ai/console-resource prod — scan budget exceeded
  • @aws-sdk/client-sts prod — scan budget exceeded
  • @jsx-email/render prod — scan budget exceeded
  • @opencode-ai/console-mail prod — scan budget exceeded
  • @planetscale/database prod — scan budget exceeded
  • postgres prod — scan budget exceeded
  • stripe prod — scan budget exceeded
  • @cloudflare/vite-plugin prod — scan budget exceeded
  • @ibm/plex prod — scan budget exceeded
  • @stripe/stripe-js prod — scan budget exceeded
  • @upstash/redis prod — scan budget exceeded
  • chart.js prod — scan budget exceeded
  • solid-stripe prod — scan budget exceeded
  • @aws-sdk/client-firehose prod — scan budget exceeded
  • @opencode-ai/stats-core prod — scan budget exceeded
  • @aws-sdk/client-athena prod — scan budget exceeded
  • d3-geo prod — scan budget exceeded
  • d3-scale prod — scan budget exceeded
  • i18n-iso-countries prod — scan budget exceeded
  • topojson-client prod — scan budget exceeded
  • world-atlas prod — scan budget exceeded